[libvirt] [PATCH] selinux: Don't fail RestoreAll if file doesn't have a default label
Osier Yang
jyang at redhat.com
Mon Oct 22 08:11:49 UTC 2012
On 2012年10月22日 04:44, Cole Robinson wrote:
> When restoring selinux labels after a VM is stopped, any non-standard
> path that doesn't have a default selinux label causes the process
> to stop and exit early. This isn't really an error condition IMO.
>
> Of course the selinux API could be erroring for some other reason
> but hopefully that's rare enough to not need explicit handling.
>
> Common example here is storing disk images in a non-standard location
> like under /mnt.
> ---
> src/security/security_selinux.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index eee8d71..7681f1b 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -936,7 +936,11 @@ virSecuritySELinuxRestoreSecurityFileLabel(const char *path)
> }
>
> if (getContext(newpath, buf.st_mode,&fcon)< 0) {
> + /* Any user created path likely does not have a default label,
> + * which makes this an expected non error
> + */
> VIR_WARN("cannot lookup default selinux label for %s", newpath);
> + rc = 0;
ACK, it's fair to set the return code to 0, per it already tends
to give a warning.
More information about the libvir-list
mailing list