[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Avoid unecessary SELinux setfilecon



On Tue, Jun 23, 2009 at 03:02:52PM +0200, Daniel Veillard wrote:
>   As pointed by Tim Waugh in
>   https://bugzilla.redhat.com/show_bug.cgi?id=507555
> there are times where setting an SELinux file context is not possible,
> so if the context is already set appropriately the operation should be
> skipped
> 
>   Patch from Tim looks fine by me though I'm not versed in SELinux
> 
> Daniel
> 
> -- 
> Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
> daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
> http://veillard.com/ | virtualization library  http://libvirt.org/

> diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon libvirt-0.6.2/src/security_selinux.c
> --- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon	2009-06-23 10:23:59.969448493 +0100
> +++ libvirt-0.6.2/src/security_selinux.c	2009-06-23 10:59:27.895447757 +0100
> @@ -280,10 +280,19 @@ static int
>  SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
>  {
>      char ebuf[1024];
> +    security_context_t econ;
>  
>      VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
>  
>      if(setfilecon(path, tcon) < 0) {
> +	if (getfilecon(path, &econ) >= 0) {
> +	    if (!strcmp(tcon, econ)) {
> +		freecon(econ);
> +		/* It's alright, there's nothing to change anyway. */
> +		return 0;
> +	    }
> +	    freecon(econ);
> +	}
>          virSecurityReportError(conn, VIR_ERR_ERROR,
>                                 _("%s: unable to set security context "
>                                   "'\%s\' on %s: %s."), __func__,


The patch has a bit of whitespace damage, and should use STREQ, but
functionally it looks correct.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]