Re: [libvirt] [PATCH 1/3] Set proper selinux label on image file during qemu domain restore

On 06/25/2010 07:57 AM, Daniel P. Berrange wrote: >On Fri, Jun 25, 2010 at 07:42:13AM -0400, Laine Stump wrote: > >>- if (vm->def->os.kernel&& >>- SELinuxSetFilecon(vm->def->os.kernel, default_content_context)< >>0) >>- return -1; >>+ if (vm->def->os.kernel) { >>+ if (SELinuxSetFilecon(vm->def->os.kernel, >>default_content_context)< 0) >>+ return -1; >>+ } else if (stdin_path) { >>+ if (SELinuxSetFilecon(stdin_path, default_content_context)< 0) >>+ return -1; >>+ } >> >This doesn't make sense to me. Labelling of the kernel and labeling of >stdin_path are completely separate tasks, so shouldn't be in an if/elseif >arrangement. > Heh. The name didn't really make sense to me either, but my slight misunderstanding of the scope of the problem made me think that in some cases the filename would be in vm->def, and in others not, and that seemed the only place already being used. Now that I've looked back over the code, I see that this function is only called in one place, and the filename is *never* available in vm->def; it all makes much more sense now. I'm preparing a v2. The proper thing is to just add: if (stdin_path && SELinuxSetFilecon(stdin_path, default_content_context) < 0)) return -1; correct? Or is there a different context that would be better suited? (default content_context certainly works).