[libvirt] [PATCH] is_selinux_enabled returns -1 on error, account for this.
Scott Sullivan
ssullivan at liquidweb.com
Thu Mar 20 18:48:32 UTC 2014
On 03/20/2014 11:27 AM, Michal Privoznik wrote:
> On 18.03.2014 18:02, Scott Sullivan wrote:
>> Per the documentation, is_selinux_enabled() returns -1 on error. Account
>> for this. Previously when -1 was being returned the condition would
>> still be true. I was noticing this because on my system that has selinux
>> disabled I was getting this in the libvirt.log every 5 seconds:
>>
>> error : virIdentityGetSystem:173 : Unable to lookup SELinux process
>> context: Invalid argument
>>
>> With this patch applied, I no longer get these messages every 5 seconds.
>> I am submitting this in case its deemed useful for inclusion. Anyone
>> have any comments on this change? This is a patch off current master.
>>
>>
>> From 23e0780db43ebd3ea90710750639df901c261674 Mon Sep 17 00:00:00 2001
>> From: Scott Sullivan <ssullivan at liquidweb.com>
>> Date: Tue, 18 Mar 2014 12:55:50 -0400
>> Subject: [PATCH] is_selinux_enabled returns -1 on error, account for
>> this.
>>
>> ---
>> src/security/security_selinux.c | 2 +-
>> src/util/viridentity.c | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/security/security_selinux.c
>> b/src/security/security_selinux.c
>> index 02c7496..5f46bef 100644
>> --- a/src/security/security_selinux.c
>> +++ b/src/security/security_selinux.c
>> @@ -784,7 +784,7 @@ error:
>> static int
>> virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
>> {
>> - if (!is_selinux_enabled())
>> + if (is_selinux_enabled() <= 0)
>> return SECURITY_DRIVER_DISABLE;
>>
>> if (virtDriver && STREQ(virtDriver, "LXC")) {
>> diff --git a/src/util/viridentity.c b/src/util/viridentity.c
>> index 351fdd7..05e7568 100644
>> --- a/src/util/viridentity.c
>> +++ b/src/util/viridentity.c
>> @@ -169,7 +169,7 @@ virIdentityPtr virIdentityGetSystem(void)
>> goto cleanup;
>>
>> #if WITH_SELINUX
>> - if (is_selinux_enabled()) {
>> + if (is_selinux_enabled() > 0) {
>> if (getcon(&con) < 0) {
>> virReportSystemError(errno, "%s",
>> _("Unable to lookup SELinux process
>> context"));
>
>
> ACK, although I had some difficulties with applying this patch. I'd
> strongly recommend using 'git send-email' next time as it makes sure
> patch will apply cleanly.
>
> Michal
Thanks Michal, i'll be sure to do so.
More information about the libvir-list
mailing list