commit: 86580be51b07fe6e054904fbb66014905f07056f Author: Kerin Millar <kfm <AT> plushkava <DOT> net> AuthorDate: Mon Jan 5 00:40:37 2026 +0000 Commit: Kerin Millar <kfm <AT> plushkava <DOT> net> CommitDate: Mon Jan 5 00:40:54 2026 +0000 URL: https://gitweb.gentoo.org/proj/locale-gen.git/commit/?id=86580be5
Add diagnostics to communicate actions taken in lieu of SELinux This commit introduces new diagnostic messages that communicate the actions taken for filesystems that support SELinux security labels. Firstly, if the filesystem backing the locale archive is found to support security labels, a message to that effect shall be printed to standard out. Secondly, if either of chcon(1) or restorecon(8) are executed, a message to that effect shall be printed to standard out. Thirdly, if it is concluded that either of chcon(1) or restorecon(8) should be executed, yet cannot be on account of being missing or non-executable, a warning shall be printed to standard error. Bug: https://bugs.gentoo.org/968318 Signed-off-by: Kerin Millar <kfm <AT> plushkava.net> locale-gen | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/locale-gen b/locale-gen index 5fff699..2dc6eec 100644 --- a/locale-gen +++ b/locale-gen @@ -582,8 +582,17 @@ sub install_archive ($src_path, $dst_path, $may_reset_labels) { run('mv', '--', $src_path, $interim_path); # If a prior archive exists, attempt to preserve its SELinux label. - if ($has_seclabels && $has_archive && can_run('chcon')) { - copy_security_context($dst_path, $interim_path); + if ($has_seclabels) { + print "The filesystem is mounted with support for SELinux security labels.\n"; + } + if ($has_seclabels && $has_archive) { + my $action = 'copy the security context of the previous archive'; + if (can_run('chcon')) { + print "Attempting to $action ...\n"; + copy_security_context($dst_path, $interim_path); + } else { + print_warning("Not attempting to $action because chcon(1) is unavailable.\n"); + } } # Activate the new archive by atomically renaming it into place. @@ -592,8 +601,14 @@ sub install_archive ($src_path, $dst_path, $may_reset_labels) { } # If no prior archive existed, restore the appropriate SELinux label. - if ($has_seclabels && ! $has_archive && $may_reset_labels && can_run('restorecon')) { - run('restorecon', '-Fmv', '--', $dst_path); + if ($has_seclabels && ! $has_archive && $may_reset_labels) { + my $action = 'restore the default security context of the archive'; + if (can_run('restorecon')) { + print "Attempting to $action ...\n"; + run('restorecon', '-Fmv', '--', $dst_path); + } else { + print_warning("Not attempting to $action because restorecon(8) is unavailable.\n"); + } } # Return the size of the archive, in bytes.
