On 03/18/2014 01:02 PM, Scott Sullivan wrote:
Per the documentation, is_selinux_enabled() returns -1 on error.
Account for this. Previously when -1 was being returned the condition
would still be true. I was noticing this because on my system that has
SELinux disabled I was getting this in the libvirt.log every 5 seconds:
error : virIdentityGetSystem:173 : Unable to lookup SELinux process
context: Invalid argument
With this patch applied, I no longer get these messages every 5
seconds. I am submitting this in case it's deemed useful for inclusion.
Anyone have any comments on this change? This is a patch off current
master.
From 23e0780db43ebd3ea90710750639df901c261674 Mon Sep 17 00:00:00 2001
From: Scott Sullivan <ssullivan(a)liquidweb.com>
Date: Tue, 18 Mar 2014 12:55:50 -0400
Subject: [PATCH] is_selinux_enabled returns -1 on error, account for this.
---
src/security/security_selinux.c | 2 +-
src/util/viridentity.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security/security_selinux.c
b/src/security/security_selinux.c
index 02c7496..5f46bef 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -784,7 +784,7 @@ error:
static int
virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
{
- if (!is_selinux_enabled())
+ if (is_selinux_enabled() <= 0)
return SECURITY_DRIVER_DISABLE;
if (virtDriver && STREQ(virtDriver, "LXC")) {
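Review bot: `is_selinux_enabled() <= 0` folds the -1 error return into the disabled case with no diagnostic, so a host where libselinux itself fails (as opposed to SELinux genuinely being off) silently loses the SELinux driver and runs with SECURITY_DRIVER_DISABLE. Since the cover letter's stated goal is only to stop the spurious getcon() error, consider keeping the error distinct here, e.g. `int rc = is_selinux_enabled(); if (rc < 0)` log once at warning or debug level before returning SECURITY_DRIVER_DISABLE, so an operator can tell "disabled" from "probe failed".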
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 351fdd7..05e7568 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -169,7 +169,7 @@ virIdentityPtr virIdentityGetSystem(void)
goto cleanup;
#if WITH_SELINUX
- if (is_selinux_enabled()) {
+ if (is_selinux_enabled() > 0) {
if (getcon(&con) < 0) {
virReportSystemError(errno, "%s",
_("Unable to lookup SELinux process
context"));
ping?
Looking for an ACK/NACK on this from a committer. In the case of an error
condition when calling is_selinux_enabled() it seems safer to assume
SELinux isn't enabled than to assume it is. If you assume it's enabled,
like it is in master, at least one result is "Unable to lookup SELinux
process context" spewed into libvirt.log many times a minute on my
systems, causing the file to grow large and needless I/O.
On my systems that do exhibit this behavior (CentOS 6), I show SELinux
as disabled:
[root@host ~]# sestatus
SELinux status: disabled
[root@host ~]#
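The pitfall the thread is about, a tri-state probe (1 = enabled, 0 = disabled, -1 = error) being tested as if it were a boolean, as an added stand-alone example that is not libvirt code and not part of the original thread. libselinux is not linked; `fake_is_selinux_enabled()` is a constructed stub standing in for `is_selinux_enabled()`, with its return value set by the caller. `probe_old()` reproduces the pre-patch `!rc` test, `probe_new()` the patched `<= 0` test, and `probe_with_diag()` is a hypothetical variant that still disables on error but emits one diagnostic instead of one per poll.

```c
/*
 * Added example, not libvirt's code: handling the 1 / 0 / -1 return of a
 * probe such as libselinux's is_selinux_enabled().
 * Assumption: fake_is_selinux_enabled() is a constructed stub so the
 * example runs without libselinux; the real function is not called.
 */
#include <stdio.h>

enum driver_state { DRIVER_DISABLE = 0, DRIVER_ENABLE = 1 };

/* Constructed stub standing in for is_selinux_enabled(). */
static int fake_rc = 0;
static int fake_is_selinux_enabled(void) { return fake_rc; }

/* How many diagnostics probe_with_diag() has emitted so far. */
static int error_log_count = 0;

/* Pre-patch logic: !rc is false for -1, so an error *enables* the driver. */
static enum driver_state probe_old(void)
{
    if (!fake_is_selinux_enabled())
        return DRIVER_DISABLE;
    return DRIVER_ENABLE;
}

/* Patched logic: only a positive return enables the driver; -1 is
 * treated as disabled, but silently. */
static enum driver_state probe_new(void)
{
    if (fake_is_selinux_enabled() <= 0)
        return DRIVER_DISABLE;
    return DRIVER_ENABLE;
}

/* Hypothetical variant: same result as probe_new(), but the error case
 * stays visible. Because this kind of probe gets polled repeatedly, the
 * diagnostic is emitted once, not on every call. */
static enum driver_state probe_with_diag(void)
{
    static int reported = 0;
    int rc = fake_is_selinux_enabled();

    if (rc < 0) {
        if (!reported) {
            reported = 1;
            error_log_count++;
            fprintf(stderr,
                    "is_selinux_enabled() failed; treating SELinux as disabled\n");
        }
        return DRIVER_DISABLE;
    }
    return rc > 0 ? DRIVER_ENABLE : DRIVER_DISABLE;
}

/* Accessors used by the stand-alone run below. */
static void set_probe_result(int rc) { fake_rc = rc; }
static int diag_count(void) { return error_log_count; }

int main(void)
{
    int rc;

    /* Walk the three possible probe results and show each policy's verdict. */
    for (rc = -1; rc <= 1; rc++) {
        set_probe_result(rc);
        printf("rc=%2d  old=%d  new=%d  with_diag=%d\n",
               rc, probe_old(), probe_new(), probe_with_diag());
    }
    printf("diagnostics emitted: %d\n", diag_count());
    return 0;
}
```

The `probe_old()` row for rc = -1 is the failure mode in the cover letter: the driver is treated as enabled and the caller goes on to call getcon(), which fails on a host where SELinux is off. `probe_with_diag()` keeps the patch's safe default while leaving a single trace in the log for the case where the probe itself is broken.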