Re: [libvirt] [PATCH] selinux: Use raw contexts

On 10/12/2012 08:39 AM, Martin Kletzander wrote: > We are currently able to work only with non-translated SELinux > contexts, but we are using functions that work with translated > contexts throughout the code. This patch swaps all SELinux context > translation relative calls with their raw sisters to avoid parsing > problems. > > The problems can be experienced with mcstrans for example. > Thanks Laurent Bigonville for finding this out. > --- > configure.ac | 4 ++-- > src/security/security_selinux.c | 26 +++++++++++++------------- > src/storage/storage_backend.c | 2 +- > tests/securityselinuxhelper.c | 6 +++--- > tests/securityselinuxtest.c | 2 +- > 5 files changed, 20 insertions(+), 20 deletions(-) > > diff --git a/configure.ac b/configure.ac > index bcdea9c..08dc63d 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -1440,14 +1440,14 @@ if test "$with_selinux" != "no"; then > old_libs="$LIBS" > if test "$with_selinux" = "check"; then > AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no]) > - AC_CHECK_LIB([selinux], [fgetfilecon],[],[with_selinux=no]) > + AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no]) On my F17 box, 'man fgetfilecon' has a listing, but 'man fgetfilecon_raw' does not. What is the difference between these functions, and how far back into the past does fgetfilecon_raw exist? Do we need to make this patch conditional, and fall back on fgetfilecon (as it is better than nothing) on older systems that lack the *_raw variants?