[libvirt] [PATCH] Avoid unecessary SELinux setfilecon

[Daniel Veillard]

  As pointed by Tim Waugh in
  https://bugzilla.redhat.com/show_bug.cgi?id=507555
there are times where setting an SELinux file context is not possible,
so if the context is already set appropriately the operation should be
skipped

  Patch from Tim looks fine by me though I'm not versed in SELinux

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
-------------- next part --------------
diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon libvirt-0.6.2/src/security_selinux.c
--- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon	2009-06-23 10:23:59.969448493 +0100
+++ libvirt-0.6.2/src/security_selinux.c	2009-06-23 10:59:27.895447757 +0100
@@ -280,10 +280,19 @@ static int
 SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
 {
     char ebuf[1024];
+    security_context_t econ;
 
     VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
 
     if(setfilecon(path, tcon) < 0) {
+	if (getfilecon(path, &econ) >= 0) {
+	    if (!strcmp(tcon, econ)) {
+		freecon(econ);
+		/* It's alright, there's nothing to change anyway. */
+		return 0;
+	    }
+	    freecon(econ);
+	}
         virSecurityReportError(conn, VIR_ERR_ERROR,
                                _("%s: unable to set security context "
                                  "'\%s\' on %s: %s."), __func__,