From: Michal Privoznik Date: Thu, 22 Sep 2011 08:57:24 +0000 (+0200) Subject: selinux: Correctly report warning if virt_use_nfs not set X-Git-Tag: v0.9.7-rc1~257 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1888363d8bfd2ac165ddfd495624a449b0df9d58;p=thirdparty%2Flibvirt.git selinux: Correctly report warning if virt_use_nfs not set Previous patch c9b37fee tried to deal with virt_use_nfs. But setfilecon() returns EOPNOTSUPP on NFS so we need to move the warning to else branch. --- diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 028f5b26f3..0807a34c63 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -419,24 +419,27 @@ SELinuxSetFilecon(const char *path, char *tcon) * The user hopefully set one of the necessary SELinux * virt_use_{nfs,usb,pci} boolean tunables to allow it... */ - if (setfilecon_errno != EOPNOTSUPP) { - const char *errmsg; - if ((virStorageFileIsSharedFSType(path, - VIR_STORAGE_FILE_SHFS_NFS) == 1) && - security_get_boolean_active("virt_use_nfs") != 1) { - errmsg = _("unable to set security context '%s' on '%s'. " - "Consider setting virt_use_nfs"); - } else { - errmsg = _("unable to set security context '%s' on '%s'"); - } + if (setfilecon_errno != EOPNOTSUPP && setfilecon_errno != ENOTSUP) { virReportSystemError(setfilecon_errno, - errmsg, + _("unable to set security context '%s' on '%s'"), tcon, path); if (security_getenforce() == 1) return -1; } else { - VIR_INFO("Setting security context '%s' on '%s' not supported", - tcon, path); + const char *msg; + if ((virStorageFileIsSharedFSType(path, + VIR_STORAGE_FILE_SHFS_NFS) == 1) && + security_get_boolean_active("virt_use_nfs") != 1) { + msg = _("Setting security context '%s' on '%s' not supported. " + "Consider setting virt_use_nfs"); + if (security_getenforce() == 1) + VIR_WARN(msg, tcon, path); + else + VIR_INFO(msg, tcon, path); + } else { + VIR_INFO("Setting security context '%s' on '%s' not supported", + tcon, path); + } } } return 0;