[libvirt] [PATCH] Fix security context references in DAC code

spencer at beyondabstraction.net spencer at beyondabstraction.net
Wed Apr 21 17:44:43 UTC 2010


* The error messages coming from qemu's DAC support contain strings from the original SELinux security driver code.  This just removes references to "security context" and other SELinux-isms from the DAC code.

Signed-off-by: Spencer Shimko <sshimko at tresys.com>
---
 src/qemu/qemu_security_dac.c |   18 ++++++------------
 1 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 1883fbe..e408dbf 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -37,7 +37,7 @@ void qemuSecurityDACSetDriver(struct qemud_driver *newdriver)
 static int
 qemuSecurityDACSetOwnership(const char *path, int uid, int gid)
 {
-    VIR_INFO("Setting DAC context on '%s' to '%d:%d'", path, uid, gid);
+    VIR_INFO("Setting DAC user and group on '%s' to '%d:%d'", path, uid, gid);
 
     if (chown(path, uid, gid) < 0) {
         struct stat sb;
@@ -51,24 +51,18 @@ qemuSecurityDACSetOwnership(const char *path, int uid, int gid)
             }
         }
 
-        /* if the error complaint is related to an image hosted on
-         * an nfs mount, or a usbfs/sysfs filesystem not supporting
-         * labelling, then just ignore it & hope for the best.
-         * The user hopefully set one of the necessary qemuSecurityDAC
-         * virt_use_{nfs,usb,pci}  boolean tunables to allow it...
-         */
         if (chown_errno == EOPNOTSUPP) {
-            VIR_INFO("Setting security context '%d:%d' on '%s' not supported by filesystem",
+            VIR_INFO("Setting user and group to '%d:%d' on '%s' not supported by filesystem",
                      uid, gid, path);
         } else if (chown_errno == EPERM) {
-            VIR_INFO("Setting security context '%d:%d' on '%s' not permitted",
+            VIR_INFO("Setting user and group to '%d:%d' on '%s' not permitted",
                      uid, gid, path);
         } else if (chown_errno == EROFS) {
-            VIR_INFO("Setting security context '%d:%d' on '%s' not possible on readonly filesystem",
+            VIR_INFO("Setting user and group to '%d:%d' on '%s' not possible on readonly filesystem",
                      uid, gid, path);
         } else {
             virReportSystemError(chown_errno,
-                                 _("unable to set security context '%d:%d' on '%s'"),
+                                 _("unable to set user and group to '%d:%d' on '%s'"),
                                  uid, gid, path);
             return -1;
         }
@@ -84,7 +78,7 @@ qemuSecurityDACRestoreSecurityFileLabel(const char *path)
     int err;
     char *newpath = NULL;
 
-    VIR_INFO("Restoring DAC context on '%s'", path);
+    VIR_INFO("Restoring DAC user and group on '%s'", path);
 
     if ((err = virFileResolveLink(path, &newpath)) < 0) {
         virReportSystemError(err,
-- 
1.6.6.1




More information about the libvir-list mailing list