On 06.03.2014 07:02, Michael Chapman wrote:
If SELinux is compiled into libvirt but it is disabled on the host,
libvirtd
logs:
error : virIdentityGetSystem:173 : Unable to lookup SELinux process
context: Invalid argument
on each and every client connection.
This patch series adds a runtime check for SELinux to this function.
I've added security_disable() to securityselinuxhelper so virIdentityGetSystem
can be tested twice, once with SELinux enabled and once with it disabled. A few
other libselinux functions have also been added, so now
securityselinuxlabeltest and securityselinuxtest do not need to be skipped even
when SELinux isn't enabled on the test system.
Michael Chapman (4):
tests: Flesh out securityselinuxhelper
tests: SELinux tests do not need to be skipped
virIdentityGetSystem: don't fail if SELinux is disabled
tests: Test virIdentityGetSystem
src/util/viridentity.c | 18 ++-
tests/Makefile.am | 4 +
tests/securityselinuxhelper.c | 162 ++++++++++++++++++++-
tests/securityselinuxhelperdata/lxc_contexts | 5 +
.../virtual_domain_context | 2 +
.../virtual_image_context | 2 +
tests/securityselinuxlabeltest.c | 3 -
tests/securityselinuxtest.c | 3 -
tests/viridentitytest.c | 75 +++++++++-
9 files changed, 254 insertions(+), 20 deletions(-)
create mode 100644 tests/securityselinuxhelperdata/lxc_contexts
create mode 100644 tests/securityselinuxhelperdata/virtual_domain_context
create mode 100644 tests/securityselinuxhelperdata/virtual_image_context
ACKed and pushed.
Michal