From: Michael Chapman <mike@very.puzzling.org>
Date: Thu, 6 Mar 2014 06:02:48 +0000 (+1100)
Subject: virIdentityGetSystem: don't fail if SELinux is disabled
X-Git-Tag: v1.2.3-rc1~335
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1af9800b553b2a72bf7fc47e5720dbdbd2f38b07;p=thirdparty%2Flibvirt.git

virIdentityGetSystem: don't fail if SELinux is disabled

If SELinux is compiled into libvirt but it is disabled on the host,
libvirtd logs:

  error : virIdentityGetSystem:173 : Unable to lookup SELinux process
  context: Invalid argument

on each and every client connection.

Use is_selinux_enabled() to skip retrieval of the process's SELinux
context if SELinux is disabled.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>
---

diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 4f5127cde7..bd6adcf365 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -168,16 +168,18 @@ virIdentityPtr virIdentityGetSystem(void)
         goto cleanup;
 
 #if WITH_SELINUX
-    if (getcon(&con) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Unable to lookup SELinux process context"));
-        goto cleanup;
-    }
-    if (VIR_STRDUP(seccontext, con) < 0) {
+    if (is_selinux_enabled()) {
+        if (getcon(&con) < 0) {
+            virReportSystemError(errno, "%s",
+                                 _("Unable to lookup SELinux process context"));
+            goto cleanup;
+        }
+        if (VIR_STRDUP(seccontext, con) < 0) {
+            freecon(con);
+            goto cleanup;
+        }
         freecon(con);
-        goto cleanup;
     }
-    freecon(con);
 #endif
 
     if (!(ret = virIdentityNew()))