[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] ignore SELinuxSetFilecon error in SELinuxSetSecurityFileLabel if on nfs



On 11/10/2010 12:52 PM, Laine Stump wrote:
> If virDomainAttachDevice() was called with an image that was located
> on a root-squashed NFS server, and in a directory that was unreadable
> by root on the machine running libvirtd, the attach would fail due to
> an attempt to change the selinux label of the image with EACCES (which
> isn't covered as an ignore case in SELinuxSetFilecon())
> 
> NFS doesn't support SELinux labelling anyway, so we mimic the failure
> handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which
> just ignores the errors if the target is on an NFS filesystem (in
> SELinuxSetSecurityAllLabel() only, though.)
> 
> +    if (ret < 0 &&
> +        virStorageFileIsSharedFSType(path,
> +                                     VIR_STORAGE_FILE_SHFS_NFS) != 1)
> +       return ret;
> +    else
> +       return 0;

I had to scratch my head on this one.  It might be easier to read as:

if (ret < 0 &&
    virStorageFileIsSharedFSType(path, VIR_STORAGE_FILE_SHFS_NFS) == 1)
    return 0;
return ret;

ACK, with that tweak.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]