virIdentityGetSystem: don't fail if SELinux is disabled

If SELinux is compiled into libvirt but it is disabled on the host,
libvirtd logs:

  error : virIdentityGetSystem:173 : Unable to lookup SELinux process
  context: Invalid argument

on each and every client connection.

Use is_selinux_enabled() to skip retrieval of the process's SELinux
context if SELinux is disabled.

Signed-off-by: Michael Chapman <mike@very.puzzling.org>

diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 4f5127cde7a712ae41eb4381efbda6b5e9e2befe..bd6adcf3659777a77ef46a1f2f2bbe4ff7482300 100644 (file)
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -168,16 +168,18 @@ virIdentityPtr virIdentityGetSystem(void)
         goto cleanup;
 
 #if WITH_SELINUX
-    if (getcon(&con) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Unable to lookup SELinux process context"));
-        goto cleanup;
-    }
-    if (VIR_STRDUP(seccontext, con) < 0) {
+    if (is_selinux_enabled()) {
+        if (getcon(&con) < 0) {
+            virReportSystemError(errno, "%s",
+                                 _("Unable to lookup SELinux process context"));
+            goto cleanup;
+        }
+        if (VIR_STRDUP(seccontext, con) < 0) {
+            freecon(con);
+            goto cleanup;
+        }
         freecon(con);
-        goto cleanup;
     }
-    freecon(con);
 #endif
 
     if (!(ret = virIdentityNew()))