As pointed by Tim Waugh in
https://bugzilla.redhat.com/show_bug.cgi?id=507555
there are times where setting an SELinux file context is not possible,
so if the context is already set appropriately the operation should be
skipped
Patch from Tim looks fine by me though I'm not versed in SELinux
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon libvirt-0.6.2/src/security_selinux.c
--- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon 2009-06-23 10:23:59.969448493 +0100
+++ libvirt-0.6.2/src/security_selinux.c 2009-06-23 10:59:27.895447757 +0100
@@ -280,10 +280,19 @@ static int
SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
if(setfilecon(path, tcon) < 0) {
+ if (getfilecon(path, &econ) >= 0) {
+ if (!strcmp(tcon, econ)) {
+ freecon(econ);
+ /* It's alright, there's nothing to change anyway. */
+ return 0;
+ }
+ freecon(econ);
+ }
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
"'\%s\' on %s: %s."), __func__,
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list