On 10/15/2012 09:12 AM, Guannan Ren wrote:
> If we use matchpathcon() to look up selinux context for specific pathname,
> it'd better actively load file contexts database by matchpathcon_init()
> and free memory when finished using matchpathcon by matchpathcon_fini().
> ---
> src/security/security_selinux.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index 10135ed..b278e2c 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -667,6 +667,10 @@ virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
> static int
> virSecuritySELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
> {
> +#ifndef HAVE_SELINUX_LABEL_H
> + if (matchpathcon_init(NULL) < 0)
> + VIR_WARN("cannot load selinux active file contexts configuration");
> +#endif
> return virSecuritySELinuxInitialize(mgr);
> }
>
> @@ -685,6 +689,10 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
> VIR_FREE(data->file_context);
> VIR_FREE(data->content_context);
>
> +#ifndef HAVE_SELINUX_LABEL_H
> + if (matchpathcon_fini() < 0)
> + VIR_WARN("cannot free allocated memory for selinux");
> +#endif
> return 0;
> }
>
>
ACK,
Martin
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list