ts = _ts;
int res = 0;
- rpmlog(RPMLOG_INFO, "reading device security policy from %s\n", DEVICE_SECURITY_POLICY);
+ rpmlog(RPMLOG_DEBUG, "reading device security policy from %s\n", DEVICE_SECURITY_POLICY);
root = msmProcessDevSecPolicyXml(DEVICE_SECURITY_POLICY);
if (root) {
}
if (stat(SMACK_RULES_PATH, &buf) != 0) {
- rpmlog(RPMLOG_INFO, "A directory for writing smack rules is missing. Creating one.\n");
+ rpmlog(RPMLOG_DEBUG, "A directory for writing smack rules is missing. Creating one.\n");
mode_t mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IROTH; // 644 -rwer--r--
if (stat(SMACK_RULES_PATH_BEG, &buf) != 0) {
if (mkdir(SMACK_RULES_PATH_BEG, mode) != 0) {
for (origin = sw_source->origins; origin; origin = origin->prev) {
for (keyinfo = origin->keyinfos; keyinfo; keyinfo = keyinfo->prev) {
if (pgpPrtParams(keyinfo->keydata, keyinfo->keylen, PGPTAG_PUBLIC_KEY, &key)) {
- rpmlog(RPMLOG_INFO, "invalid sw source key\n");
+ rpmlog(RPMLOG_ERR, "invalid sw source key\n");
return -1;
}
if (pgpVerifySignature(key, sig, ctx) == RPMRC_OK) {
#endif
if (!root) {
- rpmlog(RPMLOG_INFO, "No device policy found\n");
+ rpmlog(RPMLOG_ERR, "No device policy found\n");
rootSWSource = 1; /* accept any signed package as root */
return rpmrc;
}
if (rpmrc == RPMRC_NOKEY) {
/* No key, revert to unknown sw source. */
- rpmlog(RPMLOG_INFO, "no key for signature, cannot search sw source\n");
+ rpmlog(RPMLOG_ERR, "no key for signature, cannot search sw source\n");
goto exit;
}
if (rpmrc) {
}
if (sigtd->tag != RPMSIGTAG_RSA) {
/* Not RSA, revert to unknown sw source. */
- rpmlog(RPMLOG_INFO, "no RSA signature, cannot search sw source\n");
+ rpmlog(RPMLOG_DEBUG, "no RSA signature, cannot search sw source\n");
goto exit;
}
current = msmSWSourceTreeTraversal(root->sw_sources, findSWSourceBySignature, sig, ctx);
if (current)
- rpmlog(RPMLOG_INFO, "signature matches sw source %s\n", current->name);
+ rpmlog(RPMLOG_DEBUG, "signature matches sw source %s\n", current->name);
else
- rpmlog(RPMLOG_INFO, "valid signature but no matching sw source\n");
+ rpmlog(RPMLOG_DEBUG, "valid signature but no matching sw source\n");
exit:
if (!current) {
current = msmSWSourceTreeTraversal(root->sw_sources, findSWSourceByName, (void *)"_default_", NULL);
if (current)
- rpmlog(RPMLOG_INFO, "using _default_ sw source\n");
+ rpmlog(RPMLOG_DEBUG, "using _default_ sw source\n");
else { // for now in case default sw source isn't there yet, allow to think that it is coming from root
current = msmSWSourceTreeTraversal(root->sw_sources, findSWSourceByName, (void *)"root", NULL);
if (current)
- rpmlog(RPMLOG_INFO, "using _root_ sw source now for testing\n");
+ rpmlog(RPMLOG_DEBUG, "using _root_ sw source now for testing\n");
}
}
}
ctx->data = xstrdup(rpmtdNextString(&msm));
- rpmlog(RPMLOG_INFO, "%s manifest b64 data: %.40s...\n",
+ rpmlog(RPMLOG_DEBUG, "%s manifest b64 data: %.40s...\n",
rpmteN(ctx->te), ctx->data);
exit2:
/* this means that verify hook has not been called */
current = msmSWSourceTreeTraversal(root->sw_sources, findSWSourceByName, (void *)"_default_", NULL);
if (current)
- rpmlog(RPMLOG_INFO, "using _default_ sw source\n");
+ rpmlog(RPMLOG_DEBUG, "using _default_ sw source\n");
else {
rpmlog(RPMLOG_ERR, "Default source isn't availiable. Package source can't be determined. Abort installation\n");
goto fail;
const char *name = headerGetString(h, RPMTAG_SECSWSOURCE);
if (name) {
current = msmSWSourceTreeTraversal(root->sw_sources, findSWSourceByName, (void *)name, NULL);
- rpmlog(RPMLOG_INFO, "removing %s from sw source %s\n",
+ rpmlog(RPMLOG_DEBUG, "removing %s from sw source %s\n",
rpmteN(ctx->te), name);
}
headerFree(h);
goto fail;
}
- rpmlog(RPMLOG_INFO, "parsing %s manifest: \n%s", rpmteN(ctx->te), xml);
+ rpmlog(RPMLOG_DEBUG, "parsing %s manifest: \n%s", rpmteN(ctx->te), xml);
mfx = msmProcessManifestXml(xml, xmllen, current, rpmteN(ctx->te));
if (!mfx) {
goto fail;
}
- rpmlog(RPMLOG_INFO, "adding %s manifest data to system, package_name %s\n",
+ rpmlog(RPMLOG_DEBUG, "adding %s manifest data to system, package_name %s\n",
rpmteN(ctx->te), package->name);
if (msmSetupPackages(ctx->smack_accesses, package, package->sw_source)) {
} else if (rpmteDependsOn(ctx->te)) { /* TR_REMOVED */
- rpmlog(RPMLOG_INFO, "upgrading package %s by %s\n",
+ rpmlog(RPMLOG_DEBUG, "upgrading package %s by %s\n",
rpmteNEVR(ctx->te), rpmteNEVR(rpmteDependsOn(ctx->te)));
} else if (mfx->sw_sources) {
rpmlog(RPMLOG_ERR, "Cannot remove sw source package %s\n",
rpmteN(ctx->te), fc->path, fc->sw_source->name);
return RPMRC_FAIL;
}
- rpmlog(RPMLOG_INFO, "%s from %s overwrites %s from %s\n",
+ rpmlog(RPMLOG_DEBUG, "%s from %s overwrites %s from %s\n",
rpmteN(ctx->te), current->name, fc->path, fc->sw_source->name);
}
if (rpmteType(ctx->te) == TR_REMOVED) {
if (ctx->mfx->sw_source) {
if (rpmteDependsOn(ctx->te)) {
- rpmlog(RPMLOG_INFO, "upgrading %s manifest data\n",
+ rpmlog(RPMLOG_DEBUG, "upgrading %s manifest data\n",
rpmteN(ctx->te));
} else {
- rpmlog(RPMLOG_INFO, "removing %s manifest data\n",
+ rpmlog(RPMLOG_DEBUG, "removing %s manifest data\n",
rpmteN(ctx->te));
if (ctx->mfx->define || ctx->mfx->provides || ctx->mfx->sw_sources) {
msmRemoveRules(ctx->smack_accesses, ctx->mfx, SmackEnabled);
sw_source = headerGetString(h, RPMTAG_SECSWSOURCE);
if (name && sw_source) {
match = !strncmp(rfor, name, path - rfor - 2);
- rpmlog(RPMLOG_INFO, "file %s belongs to package %s in sw source %s %s\n", path, name, sw_source, (match ? "(matched request)" : ""));
+ rpmlog(RPMLOG_DEBUG, "file %s belongs to package %s in sw source %s %s\n", path, name, sw_source, (match ? "(matched request)" : ""));
if (match) {
*pname = xstrdup(name);
*dname = xstrdup(sw_source);
if (!sw_source->newer) {
for (ac_domain = provide->ac_domains; ac_domain; ac_domain = ac_domain->prev) {
ac_domain->allowed = msmIsProvideAllowed(ac_domain, sw_source, ac_domain->origin);
- rpmlog(RPMLOG_INFO, "%s ac_domain %s provided in %s for %s\n", (ac_domain->allowed ? "allowing" : "not allowing"),
+ rpmlog(RPMLOG_DEBUG, "%s ac_domain %s provided in %s for %s\n", (ac_domain->allowed ? "allowing" : "not allowing"),
ac_domain->name, ac_domain->sw_source->name, sw_source->name);
}
if (smack_accesses)
path, strerror(errno));
goto exit;
}
- rpmlog(RPMLOG_INFO, "added zypper repository %s for sw source %s\n",
+ rpmlog(RPMLOG_DEBUG, "added zypper repository %s for sw source %s\n",
path, sw_source->name);
ret = 0;
if (ts) {
for (origin = sw_source->origins; origin; origin = origin->prev) {
for (keyinfo = origin->keyinfos; keyinfo; keyinfo = keyinfo->prev) {
- rpmlog(RPMLOG_INFO, "setting keyinfo for sw source %s\n",
+ rpmlog(RPMLOG_DEBUG, "setting keyinfo for sw source %s\n",
sw_source->name);
rc = rpmtsImportPubkey(ts, keyinfo->keydata, keyinfo->keylen);
if (rc != RPMRC_OK) {
}
}
for (access = origin->accesses; access; access = access->prev) {
- rpmlog(RPMLOG_INFO, "setting access %s for sw source %s\n",
+ rpmlog(RPMLOG_DEBUG, "setting access %s for sw source %s\n",
access->data, sw_source->name);
if (origin->type && !strcmp(origin->type, "ZYPPER")) {
ret = msmSetupZypperRepo(access, sw_source);
for (allow = sw_source->allows; allow; allow = allow->hh.next) {
HASH_FIND(hh, all_ac_domains, allow->name, strlen(allow->name), ac_domain);
if (ac_domain) {
- rpmlog(RPMLOG_INFO, "sw source %s allows access to ac domain %s\n",
+ rpmlog(RPMLOG_DEBUG, "sw source %s allows access to ac domain %s\n",
sw_source->name, allow->name);
} else {
rpmlog(RPMLOG_WARNING, "sw source %s allows access to ac domain %s which doesn't exist\n",
}
}
for (allow = sw_source->allowmatches; allow; allow = allow->prev)
- rpmlog(RPMLOG_INFO, "sw source %s allows access to ac domain match %s\n",
+ rpmlog(RPMLOG_DEBUG, "sw source %s allows access to ac domain match %s\n",
sw_source->name, allow->match);
for (deny = sw_source->denys; deny; deny = deny->hh.next) {
HASH_FIND(hh, all_ac_domains, deny->name, strlen(deny->name), ac_domain);
if (ac_domain) {
- rpmlog(RPMLOG_INFO, "sw source %s denies access to ac domain %s\n",
+ rpmlog(RPMLOG_DEBUG, "sw source %s denies access to ac domain %s\n",
sw_source->name, deny->name);
} else {
rpmlog(RPMLOG_WARNING, "sw source %s denies access to ac domain %s which doesn't exist\n",
}
}
for (deny = sw_source->denymatches; deny; deny = deny->prev)
- rpmlog(RPMLOG_INFO, "sw source %s denies access to ac domain match %s\n",
+ rpmlog(RPMLOG_DEBUG, "sw source %s denies access to ac domain match %s\n",
sw_source->name, deny->match);
if (parent) {
path, strerror(errno));
goto exit;
}
- rpmlog(RPMLOG_INFO, "wrote dbus config %s\n", path);
+ rpmlog(RPMLOG_DEBUG, "wrote dbus config %s\n", path);
}
ret = 0;
// now checking if security policy allows to join this domain
if (msmIsRequestAllowed(mfx, defined_ac_domain)) {
- rpmlog(RPMLOG_INFO, "Request for a domain name %s is allowed based on package sw source\n", mfx->request->ac_domain);
+ rpmlog(RPMLOG_DEBUG, "Request for a domain name %s is allowed based on package sw source\n", mfx->request->ac_domain);
return 0;
} else {
HASH_ADD_KEYPTR(hh, all_ac_domains, ac_domain->name, strlen(ac_domain->name), ac_domain);
current_d->newer = ac_domain;
ac_domain->older = current_d;
- rpmlog(RPMLOG_INFO, "package %s upgraded ac domain %s\n", ac_domain->pkg_name, ac_domain->name);
+ rpmlog(RPMLOG_DEBUG, "package %s upgraded ac domain %s\n", ac_domain->pkg_name, ac_domain->name);
} else {
rpmlog(RPMLOG_ERR, "package %s can't upgrade ac domain %s previously defined in package %s\n",
}
} else {
HASH_ADD_KEYPTR(hh, all_ac_domains, ac_domain->name, strlen(ac_domain->name), ac_domain);
- rpmlog(RPMLOG_INFO, "package %s defined ac domain %s\n", ac_domain->pkg_name, ac_domain->name);
+ rpmlog(RPMLOG_DEBUG, "package %s defined ac domain %s\n", ac_domain->pkg_name, ac_domain->name);
}
}
int ret = msmSetSmackProvide(smack_accesses, provide, package->sw_source);
if ((strcmp(p_rankkey, c_rankkey) < 0) ||
(strcmp(package->sw_source->name, current_p->sw_source->name) == 0)) {
HASH_DELETE(hh, allpackages, current_p);
- rpmlog(RPMLOG_INFO, "sw source %s upgraded package %s previously provided in sw source %s\n",
+ rpmlog(RPMLOG_DEBUG, "sw source %s upgraded package %s previously provided in sw source %s\n",
package->sw_source->name, package->name, current_p->sw_source->name);
current_p->newer = package;
package->older = current_p;
msmFreePointer((void**)&c_rankkey);
} else {
if (sw_source) {
- rpmlog(RPMLOG_INFO, "sw source %s provided package %s\n", package->sw_source->name, package->name);
+ rpmlog(RPMLOG_DEBUG, "sw source %s provided package %s\n", package->sw_source->name, package->name);
}
}
rpmlog(RPMLOG_DEBUG, "before HASH_ADD_KEYPTR\n");
if (!label) label = mfx->request->ac_domain;
if (!exec_label) exec_label = mfx->request->ac_domain;
} else {
- rpmlog(RPMLOG_INFO, "Request for AC domain is empty. Can't identify default file label\n");
- rpmlog(RPMLOG_INFO, "File will be labelled with the label \"Isolated\"\n");
+ rpmlog(RPMLOG_DEBUG, "Request for AC domain is empty. Can't identify default file label\n");
+ rpmlog(RPMLOG_DEBUG, "File will be labelled with the label \"Isolated\"\n");
if (!label) label = isolatedLabel;
if (!exec_label) exec_label = isolatedLabel;
}
if (!label) label = mfx->define->name;
if (!exec_label) exec_label = mfx->define->name;
} else {
- rpmlog(RPMLOG_INFO, "Define for AC domain is empty. Can't identify default file label\n");
- rpmlog(RPMLOG_INFO, "File will be labelled with the label \"Isolated\"\n");
+ rpmlog(RPMLOG_DEBUG, "Define for AC domain is empty. Can't identify default file label\n");
+ rpmlog(RPMLOG_DEBUG, "File will be labelled with the label \"Isolated\"\n");
if (!label) label = isolatedLabel;
if (!exec_label) exec_label = isolatedLabel;
}
} else { // no request or definition of domain
- rpmlog(RPMLOG_INFO, "Both define and request sections are empty. Can't identify default file label\n");
- rpmlog(RPMLOG_INFO, "File will be labelled with the label \"Isolated\"\n");
+ rpmlog(RPMLOG_DEBUG, "Both define and request sections are empty. Can't identify default file label\n");
+ rpmlog(RPMLOG_DEBUG, "File will be labelled with the label \"Isolated\"\n");
if (!label) label = isolatedLabel;
if (!exec_label) exec_label = isolatedLabel;
}
}
- rpmlog(RPMLOG_INFO, "setting SMACK64 %s for %s\n", label, filepath);
+ rpmlog(RPMLOG_DEBUG, "setting SMACK64 %s for %s\n", label, filepath);
if (lsetxattr(filepath, SMACK64, label, strlen(label), 0) < 0 ) {
rpmlog(RPMLOG_ERR, "Failed to set SMACK64 %s for %s: %s\n",
if ((is_executable(filepath, cookie)) == 0) {
if ((exec_label) && (strcmp(exec_label, "none") == 0)) {
// do not set SMACK64EXEC
- rpmlog(RPMLOG_INFO, "not setting SMACK64EXEC for %s as requested in manifest\n", filepath);
+ rpmlog(RPMLOG_DEBUG, "not setting SMACK64EXEC for %s as requested in manifest\n", filepath);
} else {
- rpmlog(RPMLOG_INFO, "setting SMACK64EXEC %s for %s\n", exec_label, filepath);
+ rpmlog(RPMLOG_DEBUG, "setting SMACK64EXEC %s for %s\n", exec_label, filepath);
if (lsetxattr(filepath, SMACK64EXEC, exec_label, strlen(exec_label), 0) < 0 ) {
rpmlog(RPMLOG_ERR, "Failed to set SMACK64EXEC %s for %s: %s\n",
exec_label, filepath, strerror(errno));
if (type) { //marked as transmutable
if ((lstat(filepath, &st) != -1) && (S_ISDIR(st.st_mode))) { //check that it is a directory
char at_true[] = "TRUE";
- rpmlog(RPMLOG_INFO, "setting SMACK64TRANSMUTE %s for %s\n", at_true, filepath);
+ rpmlog(RPMLOG_DEBUG, "setting SMACK64TRANSMUTE %s for %s\n", at_true, filepath);
if ( lsetxattr(filepath, SMACK64TRANSMUTE, at_true, strlen(at_true), 0) < 0 ) {
rpmlog(RPMLOG_ERR, "Failed to set SMACK64TRANSMUTE %s for %s: %s\n",
at_true, filepath, strerror(errno));
if (!package->older) {
/* set newer to remove from config list */
package->newer = package;
- rpmlog(RPMLOG_INFO, "removing package for %s\n", mfx->name);
+ rpmlog(RPMLOG_DEBUG, "removing package for %s\n", mfx->name);
}
}
}