broken setting of log level in libsepol?

[mikhailnov]

I wanted to set maximum log level in semodule (libsepol). Grepped the source code and it seemed me that lvl is always 1 and there is no way to change it via cli.

So I had to patch it to get maximum log level.

diff --git a/libsepol/cil/src/cil_log.c b/libsepol/cil/src/cil_log.c
index b222b155..82dc56f3 100644
--- a/libsepol/cil/src/cil_log.c
+++ b/libsepol/cil/src/cil_log.c
@@ -51,11 +51,11 @@ void cil_set_log_handler(void (*handler)(int lvl, char *msg))
 
 __attribute__ ((format (printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, const char *msg, va_list args)
 {
-	if (cil_log_level >= lvl) {
+	//if (cil_log_level >= lvl) {
 		char buff[MAX_LOG_SIZE];
 		vsnprintf(buff, MAX_LOG_SIZE, msg, args);
 		(*cil_log_handler)(cil_log_level, buff);
-	}
+	//}
 }
 
 __attribute__ ((format (printf, 2, 3))) void cil_log(enum cil_log_level lvl, const char *msg, ...)

Please correct me if I'm wrong.

[stephensmalley]

cil_set_log_level(), called by secilc or secil2conf with a level that can be incremented by passing one or more -v options?

[mikhailnov]

I needed it from semodule, not secil

[stephensmalley]

Probably semodule should be patched to call cil_set_log_level() with a value based on its existing -v option, which presently only controls its own logging.