pam_xauth: improve error logging on selabel lookup

Log in case the database could not be initialized. Include the errno on lookup failure.
author: Christian Göttsche <cgzones@googlemail.com> 2024-05-24 17:39:21 +0200
committer: Christian Göttsche <cgzones@googlemail.com> 2024-05-24 17:39:21 +0200
commit: 8562cb1b951e7bd807af6b43d85c71cedd7b10d7 (patch)
tree: 71b924524938967d1e392d7fdb46f8052f567283 /modules
parent: 5d548fec5a6a1c7016ce7de108164f100583ba49 (diff)
download: pam-8562cb1b951e7bd807af6b43d85c71cedd7b10d7.tar.gz
pam-8562cb1b951e7bd807af6b43d85c71cedd7b10d7.tar.bz2
pam-8562cb1b951e7bd807af6b43d85c71cedd7b10d7.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 52229968..5e80b312 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -613,11 +613,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 #ifdef WITH_SELINUX
 		if (is_selinux_enabled() > 0) {
 			struct selabel_handle *ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-			if (ctx != NULL) {
+			if (!ctx) {
+				pam_syslog(pamh, LOG_WARNING,
+					   "could not initialize SELinux labeling handle: %m");
+			} else {
 				if (selabel_lookup_raw(ctx, &context_raw,
 						       xauthority + sizeof(XAUTHENV), S_IFREG) != 0) {
 					pam_syslog(pamh, LOG_WARNING,
-						   "could not get SELinux label for '%s'",
+						   "could not get SELinux label for '%s': %m",
 						   xauthority + sizeof(XAUTHENV));
 				}
 				selabel_close(ctx);
author	Christian Göttsche <cgzones@googlemail.com>	2024-05-24 17:39:21 +0200
committer	Christian Göttsche <cgzones@googlemail.com>	2024-05-24 17:39:21 +0200
commit	8562cb1b951e7bd807af6b43d85c71cedd7b10d7 (patch)
tree	71b924524938967d1e392d7fdb46f8052f567283 /modules
parent	5d548fec5a6a1c7016ce7de108164f100583ba49 (diff)
download	pam-8562cb1b951e7bd807af6b43d85c71cedd7b10d7.tar.gz pam-8562cb1b951e7bd807af6b43d85c71cedd7b10d7.tar.bz2 pam-8562cb1b951e7bd807af6b43d85c71cedd7b10d7.zip