[libvirt] [PATCH] ignore SELinuxSetFilecon error in SELinuxSetSecurityFileLabel if on nfs
Eric Blake
eblake at redhat.com
Wed Nov 10 20:35:05 UTC 2010
On 11/10/2010 12:52 PM, Laine Stump wrote:
> If virDomainAttachDevice() was called with an image that was located
> on a root-squashed NFS server, and in a directory that was unreadable
> by root on the machine running libvirtd, the attach would fail due to
> an attempt to change the selinux label of the image with EACCES (which
> isn't covered as an ignore case in SELinuxSetFilecon())
>
> NFS doesn't support SELinux labelling anyway, so we mimic the failure
> handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which
> just ignores the errors if the target is on an NFS filesystem (in
> SELinuxSetSecurityAllLabel() only, though.)
>
> + if (ret < 0 &&
> + virStorageFileIsSharedFSType(path,
> + VIR_STORAGE_FILE_SHFS_NFS) != 1)
> + return ret;
> + else
> + return 0;
I had to scratch my head on this one. It might be easier to read as:
if (ret < 0 &&
virStorageFileIsSharedFSType(path, VIR_STORAGE_FILE_SHFS_NFS) == 1)
return 0;
return ret;
ACK, with that tweak.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20101110/c44d0e54/attachment-0001.sig>
More information about the libvir-list
mailing list