[PATCH 2/3] Don't raise errors in the selinux restore code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The restore code is done in places where errors cannot be
raised, since they will overwrite over pre-existing errors.

* src/security/security_selinux.c: Only warn about failures
  in label restore, don't report errors
---
 src/security/security_selinux.c |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 383e189..fdbd12b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -347,6 +347,9 @@ SELinuxSetFilecon(const char *path, char *tcon)
     return 0;
 }
 
+
+/* This method shouldn't raise errors, since they'll overwrite
+ * errors that the caller(s) are already dealing with */
 static int
 SELinuxRestoreSecurityFileLabel(const char *path)
 {
@@ -354,27 +357,27 @@ SELinuxRestoreSecurityFileLabel(const char *path)
     security_context_t fcon = NULL;
     int rc = -1;
     char *newpath = NULL;
+    char ebuf[1024];
 
     VIR_INFO("Restoring SELinux context on '%s'", path);
 
     if (virFileResolveLink(path, &newpath) < 0) {
-        virReportSystemError(errno,
-                             _("cannot resolve symlink %s"), path);
+        VIR_WARN("cannot resolve symlink %s: %s", path,
+                 virStrerror(errno, ebuf, sizeof(ebuf)));
         goto err;
     }
 
     if (stat(newpath, &buf) != 0) {
-        virReportSystemError(errno,
-                             _("cannot stat %s"), newpath);
+        VIR_WARN("cannot stat %s: %s", newpath,
+                 virStrerror(errno, ebuf, sizeof(ebuf)));
         goto err;
     }
 
     if (matchpathcon(newpath, buf.st_mode, &fcon) == 0)  {
         rc = SELinuxSetFilecon(newpath, fcon);
     } else {
-        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
-                               _("cannot restore selinux file label for %s"),
-                               newpath);
+        VIR_WARN("cannot lookup default selinux label for %s",
+                 newpath);
     }
 
 err:
-- 
1.6.6.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]