On Tue, Jun 04, 2013 at 01:23:59PM +0200, Ján Tomko wrote: > From: James Gilliland <neclimdul@xxxxxxxxx> > > https://bugzilla.redhat.com/show_bug.cgi?id=969878 > --- > src/security/security_selinux.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c > index b862fbf..3c67f24 100644 > --- a/src/security/security_selinux.c > +++ b/src/security/security_selinux.c > @@ -189,6 +189,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, > context_t ourContext = NULL; > char *cat = NULL; > char *tmp; > + const char *contextRange; > int ret = -1; > > if (getcon_raw(&ourSecContext) < 0) { > @@ -202,8 +203,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens, > ourSecContext); > goto cleanup; > } > + if (!(contextRange = context_range_get(ourContext))) { > + virReportSystemError(errno, > + _("Unable to parse current SELinux context range '%s'"), > + ourSecContext); > + goto cleanup; > + } Re-thinking this again. Raising an error here will technically be a regression in functionality vs older libvirt. I think we need to automatically fill in "s0" for *sens if contextRange is NULL, instead of raising an error. Also add to the comment before this function that 'system_u:system_r:virtd_t' is a valid context too. > > - if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0) > + if (VIR_STRDUP(*sens, contextRange) < 0) > goto cleanup; > > /* Find and blank out the category part (if any) */ Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list