If SELinux is compiled into libvirt but it is disabled on the host,
libvirtd logs:
error : virIdentityGetSystem:173 : Unable to lookup SELinux process
context: Invalid argument
on each and every client connection.
Use is_selinux_enabled() to skip retrieval of the process's SELinux
context if SELinux is disabled.
Signed-off-by: Michael Chapman <mike@xxxxxxxxxxxxxxxxx>
---
src/util/viridentity.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 4f5127c..bd6adcf 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -168,16 +168,18 @@ virIdentityPtr virIdentityGetSystem(void)
goto cleanup;
#if WITH_SELINUX
- if (getcon(&con) < 0) {
- virReportSystemError(errno, "%s",
- _("Unable to lookup SELinux process context"));
- goto cleanup;
- }
- if (VIR_STRDUP(seccontext, con) < 0) {
+ if (is_selinux_enabled()) {
+ if (getcon(&con) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Unable to lookup SELinux process context"));
+ goto cleanup;
+ }
+ if (VIR_STRDUP(seccontext, con) < 0) {
+ freecon(con);
+ goto cleanup;
+ }
freecon(con);
- goto cleanup;
}
- freecon(con);
#endif
if (!(ret = virIdentityNew()))
--
1.8.5.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list