On 11/10/2010 12:52 PM, Laine Stump wrote:
If virDomainAttachDevice() was called with an image that was located on a root-squashed NFS server, and in a directory that was unreadable by root on the machine running libvirtd, the attach would fail due to an attempt to change the selinux label of the image with EACCES (which isn't covered as an ignore case in SELinuxSetFilecon())
NFS doesn't support SELinux labelling anyway, so we mimic the failure handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which just ignores the errors if the target is on an NFS filesystem (in SELinuxSetSecurityAllLabel() only, though.)
+ if (ret < 0 && + virStorageFileIsSharedFSType(path, + VIR_STORAGE_FILE_SHFS_NFS) != 1) + return ret; + else + return 0;
I had to scratch my head on this one. It might be easier to read as: if (ret < 0 && virStorageFileIsSharedFSType(path, VIR_STORAGE_FILE_SHFS_NFS) == 1) return 0; return ret; ACK, with that tweak. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org