On 10/12/2012 09:17 AM, Martin Kletzander wrote:
On 10/12/2012 04:53 PM, Eric Blake wrote:
On 10/12/2012 08:39 AM, Martin Kletzander wrote:
We are currently able to work only with non-translated SELinux contexts, but we are using functions that work with translated contexts throughout the code. This patch swaps all SELinux context translation relative calls with their raw sisters to avoid parsing problems.
The problems can be experienced with mcstrans for example. Thanks Laurent Bigonville for finding this out.
The difference is that if you have translations enabled (yum install mcstrans; service mcstrans start), fgetfilecon_raw() will get you something like 'system_u:object_r:virt_image_t:s0', whereas fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow' that we cannot parse.
Very useful, and worth including in the commit message.
I'm trying to confirm that the _raw variants were here since the dawn of time, but the only thing I see now is that it was imported together in the upstream repo [1] from svn, so before 2008.
Also useful. Put this in the commit message as well, and you have my ACK, since I just verified that fgetfilecon_raw exists on RHEL 5, which is all the further we have to worry about historically. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org