On 2012年10月22日 04:44, Cole Robinson wrote:
When restoring selinux labels after a VM is stopped, any non-standard
path that doesn't have a default selinux label causes the process
to stop and exit early. This isn't really an error condition IMO.
Of course the selinux API could be erroring for some other reason
but hopefully that's rare enough to not need explicit handling.
Common example here is storing disk images in a non-standard location
like under /mnt.
---
src/security/security_selinux.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index eee8d71..7681f1b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -936,7 +936,11 @@ virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
}
if (getContext(newpath, buf.st_mode,&fcon)< 0) {
+ /* Any user created path likely does not have a default label,
+ * which makes this an expected non error
+ */
VIR_WARN("cannot lookup default selinux label for %s", newpath);
+ rc = 0;
ACK, it's fair to set the return code to 0, per it already tends
to give a warning.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list