On Tue, Jan 25, 2011 at 04:24:18AM -0500, Laine Stump wrote: > A need was found to set the SELinux context label on an open fd (a > pipe, as a matter of fact). This patch adds a function to the security > driver API that will set the label on an open fd to secdef.label. For > all drivers other than the SELinux driver, it's a NOP. For the SElinux > driver, it calls fsetfilecon(). > > If the return is a failure, it only returns error up to the caller if > 1) the desired label is different from the existing label, 2) the > destination fd is of a type that supports setting the selinux context, > and 3) selinux is in enforcing mode. Otherwise it will return > success. This follows the pattern of the existing function > SELinuxSetFilecon(). ACK Daniel -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list