[libvirt] [PATCH] Avoid unecessary SELinux setfilecon
Daniel Veillard
veillard at redhat.com
Tue Jun 23 13:02:52 UTC 2009
As pointed by Tim Waugh in
https://bugzilla.redhat.com/show_bug.cgi?id=507555
there are times where setting an SELinux file context is not possible,
so if the context is already set appropriately the operation should be
skipped
Patch from Tim looks fine by me though I'm not versed in SELinux
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
-------------- next part --------------
diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon libvirt-0.6.2/src/security_selinux.c
--- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon 2009-06-23 10:23:59.969448493 +0100
+++ libvirt-0.6.2/src/security_selinux.c 2009-06-23 10:59:27.895447757 +0100
@@ -280,10 +280,19 @@ static int
SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
if(setfilecon(path, tcon) < 0) {
+ if (getfilecon(path, &econ) >= 0) {
+ if (!strcmp(tcon, econ)) {
+ freecon(econ);
+ /* It's alright, there's nothing to change anyway. */
+ return 0;
+ }
+ freecon(econ);
+ }
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
"'\%s\' on %s: %s."), __func__,
More information about the libvir-list
mailing list