On Fri, Jul 03, 2009 at 10:36:47AM +0100, Mark McLoughlin wrote:
From: Tim Waugh <twaugh@redhat.com>
As pointed out by Tim Waugh here:
https://bugzilla.redhat.com/507555
We shouldn't bother trying to set the context of a file if it already matches what we want.
(Fixed to use STREQ() and not use tabs, as pointed out by danpb)
Signed-off-by: Mark McLoughlin <markmc@redhat.com> --- src/security_selinux.c | 11 ++++++++++- 1 files changed, 10 insertions(+), 1 deletions(-)
ACK
diff --git a/src/security_selinux.c b/src/security_selinux.c index 87073d2..174dd57 100644 --- a/src/security_selinux.c +++ b/src/security_selinux.c @@ -318,10 +318,19 @@ static int SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon) { char ebuf[1024]; + security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
- if(setfilecon(path, tcon) < 0) { + if (setfilecon(path, tcon) < 0) { + if (getfilecon(path, &econ) >= 0) { + if (STREQ(tcon, econ)) { + freecon(econ); + /* It's alright, there's nothing to change anyway. */ + return 0; + } + freecon(econ); + } virSecurityReportError(conn, VIR_ERR_ERROR, _("%s: unable to set security context " "'\%s\' on %s: %s."), __func__, -- 1.6.2.5
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|