[libvirt] [PATCH] selinux: Use raw contexts
Eric Blake
eblake at redhat.com
Fri Oct 12 14:53:58 UTC 2012
On 10/12/2012 08:39 AM, Martin Kletzander wrote:
> We are currently able to work only with non-translated SELinux
> contexts, but we are using functions that work with translated
> contexts throughout the code. This patch swaps all SELinux context
> translation relative calls with their raw sisters to avoid parsing
> problems.
>
> The problems can be experienced with mcstrans for example.
> Thanks Laurent Bigonville for finding this out.
> ---
> configure.ac | 4 ++--
> src/security/security_selinux.c | 26 +++++++++++++-------------
> src/storage/storage_backend.c | 2 +-
> tests/securityselinuxhelper.c | 6 +++---
> tests/securityselinuxtest.c | 2 +-
> 5 files changed, 20 insertions(+), 20 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index bcdea9c..08dc63d 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1440,14 +1440,14 @@ if test "$with_selinux" != "no"; then
> old_libs="$LIBS"
> if test "$with_selinux" = "check"; then
> AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no])
> - AC_CHECK_LIB([selinux], [fgetfilecon],[],[with_selinux=no])
> + AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no])
On my F17 box, 'man fgetfilecon' has a listing, but 'man
fgetfilecon_raw' does not. What is the difference between these
functions, and how far back into the past does fgetfilecon_raw exist?
Do we need to make this patch conditional, and fall back on fgetfilecon
(as it is better than nothing) on older systems that lack the *_raw
variants?
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 617 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20121012/cec6fa71/attachment-0001.sig>
More information about the libvir-list
mailing list