On 10/12/2012 09:17 AM, Martin Kletzander wrote:
On 10/12/2012 04:53 PM, Eric Blake wrote:
> On 10/12/2012 08:39 AM, Martin Kletzander wrote:
>> We are currently able to work only with non-translated SELinux
>> contexts, but we are using functions that work with translated
>> contexts throughout the code. This patch swaps all SELinux context
>> translation relative calls with their raw sisters to avoid parsing
>> problems.
>>
>> The problems can be experienced with mcstrans for example.
>> Thanks Laurent Bigonville for finding this out.
The difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.
Very useful, and worth including in the commit message.
I'm trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.
[1] http://oss.tresys.com/git/selinux.git
Also useful. Put this in the commit message as well, and you have my
ACK, since I just verified that fgetfilecon_raw exists on RHEL 5, which
is all the further we have to worry about historically.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
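
The parsing difference discussed in this thread, as an added example that is not part of the patch or of libvirt: a small validator for the MLS field of a context string that accepts the raw form and rejects an mcstrans-translated one. The function names are hypothetical, and the grammar is assumed to be the usual raw form `sN[:cN[.cN][,cN...]][-sN[:...]]`.

```c
#include <string.h>

/* Skip "<prefix><digits>" (e.g. "s0", "c1023"); NULL if absent. */
static const char *skip_num(const char *p, char prefix)
{
    size_t n = (*p == prefix) ? strspn(p + 1, "0123456789") : 0;
    return n ? p + 1 + n : NULL;
}

/* Skip one raw MLS level: sN[:cN[.cN][,cN[.cN]]...]; NULL if malformed. */
static const char *skip_level(const char *p)
{
    p = skip_num(p, 's');
    for (char sep = ':'; p && *p == sep; sep = ',') {
        p = skip_num(p + 1, 'c');
        if (p && *p == '.')             /* category range cN.cM */
            p = skip_num(p + 1, 'c');
    }
    return p;
}

/* Added example, not libvirt code: 1 if ctx is user:role:type:<raw MLS range>. */
int context_has_raw_mls(const char *ctx)
{
    const char *p = ctx;
    for (int i = 0; i < 3 && p; i++)    /* skip user, role, type */
        if ((p = strchr(p, ':')))
            p++;
    if (p)
        p = skip_level(p);
    if (p && *p == '-')                 /* optional low-high range */
        p = skip_level(p + 1);
    return p && *p == '\0';
}

/* Exit 0 when the raw context from the thread parses and the translated one is rejected. */
int main(void)
{
    return !context_has_raw_mls("system_u:object_r:virt_image_t:s0") ||
           context_has_raw_mls("system_u:object_r:virt_image_t:SystemLow");
}
```

A check like this is only useful as a guard on input; the fix in the thread is to call the `_raw` variants so translated names never reach the parser.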