On 10/12/2012 08:39 AM, Martin Kletzander wrote:
We are currently able to work only with non-translated SELinux contexts, but we are using functions that work with translated contexts throughout the code. This patch swaps all SELinux context translation relative calls with their raw sisters to avoid parsing problems.
The problems can be experienced with mcstrans for example. Thanks Laurent Bigonville for finding this out. --- configure.ac | 4 ++-- src/security/security_selinux.c | 26 +++++++++++++------------- src/storage/storage_backend.c | 2 +- tests/securityselinuxhelper.c | 6 +++--- tests/securityselinuxtest.c | 2 +- 5 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/configure.ac b/configure.ac index bcdea9c..08dc63d 100644 --- a/configure.ac +++ b/configure.ac @@ -1440,14 +1440,14 @@ if test "$with_selinux" != "no"; then old_libs="$LIBS" if test "$with_selinux" = "check"; then AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no]) - AC_CHECK_LIB([selinux], [fgetfilecon],[],[with_selinux=no]) + AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no])
On my F17 box, 'man fgetfilecon' has a listing, but 'man fgetfilecon_raw' does not. What is the difference between these functions, and how far back into the past does fgetfilecon_raw exist? Do we need to make this patch conditional, and fall back on fgetfilecon (as it is better than nothing) on older systems that lack the *_raw variants? -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org