If we use matchpathcon() to look up selinux context for specific pathname, it'd better actively load file contexts database by matchpathcon_init() and free memory when finished using matchpathcon by matchpathcon_fini().
---
 src/security/security_selinux.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 10135ed..b278e2c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -667,6 +667,10 @@ virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
 static int
 virSecuritySELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
 {
+#ifndef HAVE_SELINUX_LABEL_H
+ if (matchpathcon_init(NULL) < 0)
+ VIR_WARN("cannot load selinux active file contexts configuration");
+#endif
 return virSecuritySELinuxInitialize(mgr);
 }
@@ -685,6 +689,10 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
 VIR_FREE(data->file_context);
 VIR_FREE(data->content_context);
+#ifndef HAVE_SELINUX_LABEL_H
+ if (matchpathcon_fini() < 0)
+ VIR_WARN("cannot free allocated memory for selinux");
+#endif
 return 0;
 }
-- 1.7.11.2
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
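Review bot: A failed `matchpathcon_init(NULL)` in virSecuritySELinuxSecurityDriverOpen is only logged, without errno, and the driver then opens as if the file contexts database were available. For a security driver it is worth deciding explicitly whether to fail closed here (report the system error and `return -1;`) or, if continuing is intended, to record the cause, e.g. `VIR_WARN("cannot load selinux active file contexts configuration: errno=%d", errno);`. Also, if `virSecuritySELinuxInitialize(mgr)` fails after a successful init, nothing visible in this hunk calls `matchpathcon_fini()`, so the loaded database may stay allocated unless the caller runs the Close callback on that path. A one-line comment above the `#ifndef` saying why the explicit load is needed only without HAVE_SELINUX_LABEL_H would help the next reader.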
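Review bot: `if (matchpathcon_fini() < 0)` tests the result of a function that libselinux declares as `void matchpathcon_fini(void)` in `<selinux/selinux.h>`, so this branch should not compile when HAVE_SELINUX_LABEL_H is undefined (worth confirming against the headers the build uses). The call can simply be `matchpathcon_fini();` with the VIR_WARN dropped. The state it frees is held inside libselinux rather than in `data`, so closing one security manager would presumably also discard the database for any other manager still open in the process. A comment stating that lifetime assumption, or a guard so that only the last close frees it, would make this clear. virSecuritySELinuxSecurityDriverClose begins above this hunk.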