On 10/12/2012 05:41 PM, Eric Blake wrote: > On 10/12/2012 09:17 AM, Martin Kletzander wrote: >> On 10/12/2012 04:53 PM, Eric Blake wrote: >>> On 10/12/2012 08:39 AM, Martin Kletzander wrote: >>>> We are currently able to work only with non-translated SELinux >>>> contexts, but we are using functions that work with translated >>>> contexts throughout the code. This patch swaps all SELinux context >>>> translation relative calls with their raw sisters to avoid parsing >>>> problems. >>>> >>>> The problems can be experienced with mcstrans for example. >>>> Thanks Laurent Bigonville for finding this out. > >> >> The difference is that if you have translations enabled (yum install >> mcstrans; service mcstrans start), fgetfilecon_raw() will get you >> something like 'system_u:object_r:virt_image_t:s0', whereas >> fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow' >> that we cannot parse. > > Very useful, and worth including in the commit message. > >> I'm trying to confirm that the _raw variants were here since the dawn of >> time, but the only thing I see now is that it was imported together in >> the upstream repo [1] from svn, so before 2008. >> >> [1] http://oss.tresys.com/git/selinux.git > > Also useful. Put this in the commit message as well, and you have my > ACK, since I just verified that fgetfilecon_raw exists on RHEL 5, which > is all the further we have to worry about historically. > Thanks for checking that, I've put the additional info inside the commit message and pushed. Martin -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list