From 1c7037cff42dde35913dde533b31ee1da8c2d6e0 Mon Sep 17 00:00:00 2001
From: Gao feng <gaofeng@cn.fujitsu.com>
Date: Thu, 12 Sep 2013 11:51:31 +0800
Subject: [PATCH] LXC: don't try to mount selinux filesystem when user
 namespace enabled

Right now we mount selinuxfs even user namespace is enabled and
ignore the error. But we shouldn't ignore these errors when user
namespace is not enabled.

This patch skips mounting selinuxfs when user namespace enabled.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 src/lxc/lxc_container.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index ddc6e3d603..a979452a45 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -868,7 +868,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
 
 #if WITH_SELINUX
         if (STREQ(mnt->src, SELINUX_MOUNT) &&
-            !is_selinux_enabled())
+            (!is_selinux_enabled() || userns_enabled))
             continue;
 #endif
 
@@ -885,12 +885,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
         VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
                   srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts);
         if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) {
-#if WITH_SELINUX
-            if (STREQ(mnt->src, SELINUX_MOUNT) &&
-                (errno == EINVAL || errno == EPERM))
-                continue;
-#endif
-
             virReportSystemError(errno,
                                  _("Failed to mount %s on %s type %s flags=%x opts=%s"),
                                  srcpath, mnt->dst, NULLSTR(mnt->type),
-- 
2.47.2