is_selinux_enabled() returns -1 on error, account for this.

Per the documentation, is_selinux_enabled() returns -1 on error. Account for this. Previously when -1 was being returned the condition would still be true. I was noticing this because on my system that has selinux disabled I was getting this in the libvirt.log every 5 seconds: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument With this patch applied, I no longer get these messages every 5 seconds. I am submitting this in case its deemed useful for inclusion. Anyone have any comments on this change? This is a patch off current master. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2024-07-11 04:15:49 +00:00 · 2014-03-20 16:05:14 +01:00 · 2014-03-20 16:05:14 +01:00 · 0099a4ae2b
commit 0099a4ae2b
parent bc93c34ef6
2 changed files with 2 additions and 2 deletions
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -784,7 +784,7 @@ error:
 static int
 virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
 {
-    if (!is_selinux_enabled())
+    if (is_selinux_enabled() <= 0)
        return SECURITY_DRIVER_DISABLE;

    if (virtDriver && STREQ(virtDriver, "LXC")) {
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@ -169,7 +169,7 @@ virIdentityPtr virIdentityGetSystem(void)
        goto cleanup;

 #if WITH_SELINUX
-    if (is_selinux_enabled()) {
+    if (is_selinux_enabled() > 0) {
        if (getcon(&con) < 0) {
            virReportSystemError(errno, "%s",
                                 _("Unable to lookup SELinux process context"));