On Tue, Jun 23, 2009 at 03:02:52PM +0200, Daniel Veillard wrote: > As pointed by Tim Waugh in > https://bugzilla.redhat.com/show_bug.cgi?id=507555 > there are times where setting an SELinux file context is not possible, > so if the context is already set appropriately the operation should be > skipped > > Patch from Tim looks fine by me though I'm not versed in SELinux > > Daniel > > -- > Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ > daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ > http://veillard.com/ | virtualization library http://libvirt.org/ > diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon libvirt-0.6.2/src/security_selinux.c > --- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon 2009-06-23 10:23:59.969448493 +0100 > +++ libvirt-0.6.2/src/security_selinux.c 2009-06-23 10:59:27.895447757 +0100 > @@ -280,10 +280,19 @@ static int > SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon) > { > char ebuf[1024]; > + security_context_t econ; > > VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); > > if(setfilecon(path, tcon) < 0) { > + if (getfilecon(path, &econ) >= 0) { > + if (!strcmp(tcon, econ)) { > + freecon(econ); > + /* It's alright, there's nothing to change anyway. */ > + return 0; > + } > + freecon(econ); > + } > virSecurityReportError(conn, VIR_ERR_ERROR, > _("%s: unable to set security context " > "'\%s\' on %s: %s."), __func__, The patch has a bit of whitespace damage, and should use STREQ, but functionally it looks correct. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list