On Thu, Jan 24, 2013 at 10:10:58AM +0000, Richard W.M. Jones wrote:
> From: "Richard W.M. Jones" <rjones@xxxxxxxxxx>
>
> According to Eric Paris this is slightly more efficient because it
> only loads the regular expressions in libselinux once.
> ---
> src/security/security_selinux.c | 129 ++++++++++++++++++++++++++--------------
> 1 file changed, 83 insertions(+), 46 deletions(-)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index a3ef728..d1f80b2 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -63,6 +63,9 @@ struct _virSecuritySELinuxData {
> char *content_context;
> virHashTablePtr mcs;
> bool skipAllLabel;
> +#if HAVE_SELINUX_LABEL_H
> + struct selabel_handle *label_handle;
> +#endif
> };
>
> struct _virSecuritySELinuxCallbackData {
> @@ -367,12 +370,21 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
>
> data->skipAllLabel = true;
>
> +#if HAVE_SELINUX_LABEL_H
> + data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
> + if (!data->label_handle) {
> + virReportSystemError(errno,
> + _("cannot open SELinux label_handle"));
This is missing "%s",
> + return -1;
> + }
> +#endif
> +
> selinux_conf = virConfReadFile(selinux_lxc_contexts_path(), 0);
> if (!selinux_conf) {
> virReportSystemError(errno,
> _("cannot open SELinux lxc contexts file '%s'"),
> selinux_lxc_contexts_path());
> - return -1;
> + goto error;
> }
>
> scon = virConfGetValue(selinux_conf, "process");
> @@ -418,6 +430,9 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
> return 0;
>
> error:
> +#if HAVE_SELINUX_LABEL_H
> + selabel_close(data->label_handle);
> +#endif
> virConfFree(selinux_conf);
> VIR_FREE(data->domain_context);
> VIR_FREE(data->file_context);
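Review bot: In the `error:` path of virSecuritySELinuxLXCInitialize, `selabel_close(data->label_handle);` leaves a stale pointer in `data->label_handle`, whereas the `VIR_FREE` calls directly below it reset their pointers to NULL. If the driver's close routine (not visible in this patch) also closes the handle after a failed initialisation, the handle would be closed twice; adding `data->label_handle = NULL;` after the call, inside the same `#if HAVE_SELINUX_LABEL_H` block, makes the error path safe regardless of what runs afterwards. The function body starts and ends outside this hunk, so the caller's teardown order should be confirmed against the full file.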
> @@ -444,6 +459,15 @@ virSecuritySELinuxQEMUInitialize(virSecurityManagerPtr mgr)
>
> data->skipAllLabel = false;
>
> +#if HAVE_SELINUX_LABEL_H
> + data->label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
> + if (!data->label_handle) {
> + virReportSystemError(errno,
> + _("cannot open SELinux label_handle"));
This is missing "%s", Rest of the patch looks fine though. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list