[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 2/2] Don't unnecessarily try to change a file context



From: Tim Waugh <twaugh redhat com>

As pointed out by Tim Waugh here:

  https://bugzilla.redhat.com/507555

We shouldn't bother trying to set the context of a file if it already
matches what we want.

(Fixed to use STREQ() and not use tabs, as pointed out by danpb)

Signed-off-by: Mark McLoughlin <markmc redhat com>
---
 src/security_selinux.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/src/security_selinux.c b/src/security_selinux.c
index 87073d2..174dd57 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -318,10 +318,19 @@ static int
 SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
 {
     char ebuf[1024];
+    security_context_t econ;
 
     VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
 
-    if(setfilecon(path, tcon) < 0) {
+    if (setfilecon(path, tcon) < 0) {
+        if (getfilecon(path, &econ) >= 0) {
+            if (STREQ(tcon, econ)) {
+                freecon(econ);
+                /* It's alright, there's nothing to change anyway. */
+                return 0;
+            }
+            freecon(econ);
+        }
         virSecurityReportError(conn, VIR_ERR_ERROR,
                                _("%s: unable to set security context "
                                  "'\%s\' on %s: %s."), __func__,
-- 
1.6.2.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]