
On 10/15/2012 09:12 AM, Guannan Ren wrote:
If we use matchpathcon() to look up selinux context for specific pathname, it'd better actively load file contexts database by matchpathcon_init() and free memory when finished using matchpathcon by matchpathcon_fini().
---
 src/security/security_selinux.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 10135ed..b278e2c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -667,6 +667,10 @@ virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
 static int
 virSecuritySELinuxSecurityDriverOpen(virSecurityManagerPtr mgr)
 {
+#ifndef HAVE_SELINUX_LABEL_H
+ if (matchpathcon_init(NULL) < 0)
+ VIR_WARN("cannot load selinux active file contexts configuration");
+#endif
 return virSecuritySELinuxInitialize(mgr);
 }
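Review bot: A failed `matchpathcon_init(NULL)` in virSecuritySELinuxSecurityDriverOpen is only logged with VIR_WARN and the driver still opens, so on builds without HAVE_SELINUX_LABEL_H later matchpathcon() lookups would run without the file contexts database this call was meant to load. Whether those callers handle a failed lookup safely is not visible in this hunk. For a security driver I would fail closed here: report the error and `return -1;` rather than continuing to `virSecuritySELinuxInitialize(mgr)`. If continuing is intentional, a comment such as `/* best effort: matchpathcon() falls back to loading the database on first use */` would record why the failure is tolerated, assuming that is in fact the behaviour relied on.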
@@ -685,6 +689,10 @@ virSecuritySELinuxSecurityDriverClose(virSecurityManagerPtr mgr)
 VIR_FREE(data->file_context);
 VIR_FREE(data->content_context);
+#ifndef HAVE_SELINUX_LABEL_H
+ if (matchpathcon_fini() < 0)
+ VIR_WARN("cannot free allocated memory for selinux");
+#endif
 return 0;
 }
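Review bot: `matchpathcon_fini()` is, as far as I know, declared `void` in libselinux's selinux.h, so `if (matchpathcon_fini() < 0)` should not compile on the `#ifndef HAVE_SELINUX_LABEL_H` path. Call it as a plain statement, `matchpathcon_fini();`, and drop the VIR_WARN. Separately, neither `matchpathcon_init(NULL)` nor `matchpathcon_fini()` takes the manager, so the state they manage is process-wide rather than per-manager. If more than one security manager can be open in the same process, the first Close would free the database the others still rely on; a one-time init or a reference count around the pair would avoid that. The body of virSecuritySELinuxSecurityDriverClose begins outside this hunk.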
ACK, Martin