On 24/04/13 20:43, Peter Krempa wrote:
virSecuritySELinuxGenNewContext() reports sensible errors but at
virSecuritySELinuxGenSecurityLabel() the error is masked with a
non-specific one.
---
src/security/security_selinux.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index c620a2e..89d63ab 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -685,13 +685,10 @@ (virSecurityManagerPtr mgr,
}
}
- seclabel->label =
- virSecuritySELinuxGenNewContext(baselabel, mcs, false);
- if (!seclabel->label) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot generate selinux context for %s"), mcs);
+ seclabel->label = virSecuritySELinuxGenNewContext(baselabel, mcs, false);
+ if (!seclabel->label)
goto cleanup;
- }
+
break;
case VIR_DOMAIN_SECLABEL_NONE:
Makes sense, there are good errors from virSecuritySELinuxGenNewContext,
but I see another use of virSecuritySELinuxGenNewContext in
virSecuritySELinuxGenNewContext, which overrides the error too, worth to
fix together.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list