[libvirt] [PATCH 0/4] Fix for virIdentityGetSystem when SELinux is disabled
Michal Privoznik
mprivozn at redhat.com
Fri Mar 7 14:34:53 UTC 2014
On 06.03.2014 07:02, Michael Chapman wrote:
> If SELinux is compiled into libvirt but it is disabled on the host, libvirtd
> logs:
>
> error : virIdentityGetSystem:173 : Unable to lookup SELinux process
> context: Invalid argument
>
> on each and every client connection.
>
> This patch series adds a runtime check for SELinux to this function.
>
> I've added security_disable() to securityselinuxhelper so virIdentityGetSystem
> can be tested twice, once with SELinux enabled and once with it disabled. A few
> other libselinux functions have also been added, so now
> securityselinuxlabeltest and securityselinuxtest do not need to be skipped even
> when SELinux isn't enabled on the test system.
>
> Michael Chapman (4):
> tests: Flesh out securityselinuxhelper
> tests: SELinux tests do not need to be skipped
> virIdentityGetSystem: don't fail if SELinux is disabled
> tests: Test virIdentityGetSystem
>
> src/util/viridentity.c | 18 ++-
> tests/Makefile.am | 4 +
> tests/securityselinuxhelper.c | 162 ++++++++++++++++++++-
> tests/securityselinuxhelperdata/lxc_contexts | 5 +
> .../virtual_domain_context | 2 +
> .../virtual_image_context | 2 +
> tests/securityselinuxlabeltest.c | 3 -
> tests/securityselinuxtest.c | 3 -
> tests/viridentitytest.c | 75 +++++++++-
> 9 files changed, 254 insertions(+), 20 deletions(-)
> create mode 100644 tests/securityselinuxhelperdata/lxc_contexts
> create mode 100644 tests/securityselinuxhelperdata/virtual_domain_context
> create mode 100644 tests/securityselinuxhelperdata/virtual_image_context
>
ACKed and pushed.
Michal
More information about the libvir-list
mailing list