[libvirt] [PATCH] Avoid unnecessary SELinux setfilecon
Daniel P. Berrange
berrange at redhat.com
Tue Jun 23 13:06:23 UTC 2009
On Tue, Jun 23, 2009 at 03:02:52PM +0200, Daniel Veillard wrote:
> As pointed out by Tim Waugh in
> https://bugzilla.redhat.com/show_bug.cgi?id=507555
> there are times where setting an SELinux file context is not possible,
> so if the context is already set appropriately the operation should be
> skipped
>
> Patch from Tim looks fine by me though I'm not versed in SELinux
>
> Daniel
>
> --
> Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
> daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
> http://veillard.com/ | virtualization library http://libvirt.org/
> diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon libvirt-0.6.2/src/security_selinux.c
> --- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon 2009-06-23 10:23:59.969448493 +0100
> +++ libvirt-0.6.2/src/security_selinux.c 2009-06-23 10:59:27.895447757 +0100
> @@ -280,10 +280,19 @@ static int
> SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
> {
> char ebuf[1024];
> + security_context_t econ;
>
> VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
>
> if(setfilecon(path, tcon) < 0) {
> + if (getfilecon(path, &econ) >= 0) {
> + if (!strcmp(tcon, econ)) {
> + freecon(econ);
> + /* It's alright, there's nothing to change anyway. */
> + return 0;
> + }
> + freecon(econ);
> + }
> virSecurityReportError(conn, VIR_ERR_ERROR,
> _("%s: unable to set security context "
> "'\%s\' on %s: %s."), __func__,
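Review bot: the new `getfilecon(path, &econ)` call inside the `setfilecon(path, tcon) < 0` branch can overwrite the errno left by the failed setfilecon(), so when the contexts differ, or getfilecon() itself fails, the virSecurityReportError() that follows may describe the wrong failure if its trailing `%s` is formatted from errno (the argument list is cut off here). Save errno in a local immediately after setfilecon() fails and use that value for the report. The early `return 0` is also silent: a debug or info message recording that setfilecon() failed but the existing label already matched `tcon` would keep the skipped relabel visible in the logs, since the `VIR_INFO("Setting SELinux context ...")` line above is emitted either way.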
The patch has a bit of whitespace damage, and should use STREQ, but
functionally it looks correct.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|