Re: [libvirt] [PATCH] selinux: Don't fail RestoreAll if file doesn't have a default label

>> if (getContext(newpath, buf.st_mode, &fcon) < 0) { >> + /* Any user created path likely does not have a default label, >> + * which makes this an expected non error >> + */ >> VIR_WARN("cannot lookup default selinux label for %s", newpath); >> + rc = 0; > > In the case where there is no default label to restore, shouldn't we > still be removing our sVirt label rather than just ignoring the failure > but leaving our label intact? > I sent other mails about that. But since that topic is kind of a side point, is this patch okay to commit in the interim? It should only improve our behavior WRT restoring default labels, since we will now continue on even if something in the chain doesn't have a default.