On Tue, Jun 23, 2009 at 03:02:52PM +0200, Daniel Veillard wrote:
As pointed out by Tim Waugh in
https://bugzilla.redhat.com/show_bug.cgi?id=507555
there are times where setting an SELinux file context is not possible,
so if the context is already set appropriately the operation should be
skipped.
Patch from Tim looks fine by me though I'm not versed in SELinux.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
diff -up libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon
libvirt-0.6.2/src/security_selinux.c
--- libvirt-0.6.2/src/security_selinux.c.unnecessary-setfilecon 2009-06-23
10:23:59.969448493 +0100
+++ libvirt-0.6.2/src/security_selinux.c 2009-06-23 10:59:27.895447757 +0100
@@ -280,10 +280,19 @@ static int
SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path,
tcon);
if(setfilecon(path, tcon) < 0) {
+ if (getfilecon(path, &econ) >= 0) {
+ if (!strcmp(tcon, econ)) {
+ freecon(econ);
+ /* It's alright, there's nothing to change anyway. */
+ return 0;
+ }
+ freecon(econ);
+ }
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
"'\%s\' on %s: %s."), __func__,
The patch has a bit of whitespace damage, and should use STREQ, but
functionally it looks correct.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|