On 05/11/2012 06:10 AM, Daniel P. Berrange wrote:
From: Daniel Walsh<dwalsh@xxxxxxxxxx>
Currently the SELinux driver stores its state in a set of global
variables. This switches it to use a private data struct instead.
This will enable different instances to have their own data.
Signed-off-by: Daniel P. Berrange<berrange@xxxxxxxxxx>
---
+SELinuxInitialize(virSecurityManagerPtr mgr)
{
[...]
- ptr = strchrnul(default_image_context, '\n');
- if (*ptr == '\n') {
+ ptr = strchrnul(data->file_context, '\n');
+ if (ptr&& *ptr == '\n') {
*ptr = '\0';
- strcpy(default_content_context, ptr+1);
- ptr = strchrnul(default_content_context, '\n');
- if (*ptr == '\n')
+ data->content_context = strdup(ptr+1);
+ if (!data->content_context)
+ goto error;
virReportOOMError ?
@@ -264,13 +277,11 @@ SELinuxGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
goto cleanup;
}
- if (!def->seclabel.norelabel) {
- def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
- if (!def->seclabel.imagelabel) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot generate selinux context for %s"), mcs);
- goto cleanup;
- }
+ def->seclabel.imagelabel = SELinuxGenNewContext(data->file_context, mcs);
+ if (!def->seclabel.imagelabel) {
+ virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot generate selinux context for %s"), mcs);
+ goto cleanup;
}
There was this check if (!def->seclabel.norelabel) that's now gone. Was
this removed by accident?
ACK with nit fixed.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list