If virSecuritySELinuxRestoreFileLabel returns 0 or -1 too soon, then the @newpath will be leaked. Suggested-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: John Ferlan <jferlan@redhat.com> --- src/security/security_selinux.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 4de8b6f9cd..f3690a4cb1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1477,10 +1477,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, goto cleanup; } - if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) < 0) - return -1; - else if (rc > 0) - return 0; + if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) < 0) { + goto cleanup; + } else if (rc > 0) { + ret = 0; + goto cleanup; + } if (recall) { if ((rc = virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) { -- 2.19.2