On 06.03.2014 07:02, Michael Chapman wrote:
If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. This patch series adds a runtime check for SELinux to this function. I've added security_disable() to securityselinuxhelper so virIdentityGetSystem can be tested twice, once with SELinux enabled and once with it disabled. A few other libselinux functions have also been added, so now securityselinuxlabeltest and securityselinuxtest do not need to be skipped even when SELinux isn't enabled on the test system. Michael Chapman (4): tests: Flesh out securityselinuxhelper tests: SELinux tests do not need to be skipped virIdentityGetSystem: don't fail if SELinux is disabled tests: Test virIdentityGetSystem src/util/viridentity.c | 18 ++- tests/Makefile.am | 4 + tests/securityselinuxhelper.c | 162 ++++++++++++++++++++- tests/securityselinuxhelperdata/lxc_contexts | 5 + .../virtual_domain_context | 2 + .../virtual_image_context | 2 + tests/securityselinuxlabeltest.c | 3 - tests/securityselinuxtest.c | 3 - tests/viridentitytest.c | 75 +++++++++- 9 files changed, 254 insertions(+), 20 deletions(-) create mode 100644 tests/securityselinuxhelperdata/lxc_contexts create mode 100644 tests/securityselinuxhelperdata/virtual_domain_context create mode 100644 tests/securityselinuxhelperdata/virtual_image_context
ACKed and pushed. Michal -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list