From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 2 Apr 2021 14:15:22 +0000 (+0200)
Subject: confile: complain when LXC is built without selinux support
X-Git-Tag: lxc-5.0.0~219^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6df2b8fdf11bbe01a1caf3130c6fed34a9850f1;p=thirdparty%2Flxc.git

confile: complain when LXC is built without selinux support

Link: https://github.com/lxc/lxc/issues/3765
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a679d235d..ea1df7f07 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1628,13 +1628,21 @@ static int set_config_apparmor_raw(const char *key,
 static int set_config_selinux_context(const char *key, const char *value,
 				      struct lxc_conf *lxc_conf, void *data)
 {
+#if HAVE_SELINUX
 	return set_config_string_item(&lxc_conf->lsm_se_context, value);
+#else
+	return syserror_set(-EINVAL, "Built without SELinux support");
+#endif
 }
 
 static int set_config_selinux_context_keyring(const char *key, const char *value,
 					      struct lxc_conf *lxc_conf, void *data)
 {
+#if HAVE_SELINUX
 	return set_config_string_item(&lxc_conf->lsm_se_keyring_context, value);
+#else
+	return syserror_set(-EINVAL, "Built without SELinux support");
+#endif
 }
 
 static int set_config_keyring_session(const char *key, const char *value,
@@ -3732,13 +3740,21 @@ static int get_config_apparmor_raw(const char *key, char *retv,
 static int get_config_selinux_context(const char *key, char *retv, int inlen,
 				      struct lxc_conf *c, void *data)
 {
+#if HAVE_SELINUX
 	return lxc_get_conf_str(retv, inlen, c->lsm_se_context);
+#else
+	return syserror_set(-EINVAL, "Built without SELinux support");
+#endif
 }
 
 static int get_config_selinux_context_keyring(const char *key, char *retv, int inlen,
 					      struct lxc_conf *c, void *data)
 {
+#if HAVE_SELINUX
 	return lxc_get_conf_str(retv, inlen, c->lsm_se_keyring_context);
+#else
+	return syserror_set(-EINVAL, "Built without SELinux support");
+#endif
 }
 
 static int get_config_keyring_session(const char *key, char *retv, int inlen,
@@ -4740,15 +4756,23 @@ static inline int clr_config_apparmor_raw(const char *key,
 static inline int clr_config_selinux_context(const char *key,
 					     struct lxc_conf *c, void *data)
 {
+#if HAVE_SELINUX
 	free_disarm(c->lsm_se_context);
 	return 0;
+#else
+	return syserror_set(-EINVAL, "Built without SELinux support");
+#endif
 }
 
 static inline int clr_config_selinux_context_keyring(const char *key,
 						     struct lxc_conf *c, void *data)
 {
+#if HAVE_SELINUX
 	free_disarm(c->lsm_se_keyring_context);
 	return 0;
+#else
+	return syserror_set(-EINVAL, "Built without SELinux support");
+#endif
 }
 
 static inline int clr_config_keyring_session(const char *key,