selinux: Drop needless getfilecon()-s
When SELinux support was first introduced the libselinux library wasn't that advanced and setfilecon_raw() or fsetfilecon_raw() could fail even when the target context was set. Looking at the current code [1][2] this is no longer the case. We can drop our workarounds. 1: https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/setfilecon.c#L10 2: https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/fsetfilecon.c#L10 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
e8a8ee92bd
commit
087fac8fa7
@ -1249,8 +1249,6 @@ virSecuritySELinuxSetFileconImpl(const char *path,
|
|||||||
const char *tcon,
|
const char *tcon,
|
||||||
bool privileged)
|
bool privileged)
|
||||||
{
|
{
|
||||||
security_context_t econ;
|
|
||||||
|
|
||||||
/* Be aware that this function might run in a separate process.
|
/* Be aware that this function might run in a separate process.
|
||||||
* Therefore, any driver state changes would be thrown away. */
|
* Therefore, any driver state changes would be thrown away. */
|
||||||
|
|
||||||
@ -1259,15 +1257,6 @@ virSecuritySELinuxSetFileconImpl(const char *path,
|
|||||||
if (setfilecon_raw(path, (const char *)tcon) < 0) {
|
if (setfilecon_raw(path, (const char *)tcon) < 0) {
|
||||||
int setfilecon_errno = errno;
|
int setfilecon_errno = errno;
|
||||||
|
|
||||||
if (getfilecon_raw(path, &econ) >= 0) {
|
|
||||||
if (STREQ(tcon, econ)) {
|
|
||||||
freecon(econ);
|
|
||||||
/* It's alright, there's nothing to change anyway. */
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
freecon(econ);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If the error complaint is related to an image hosted on a (possibly
|
/* If the error complaint is related to an image hosted on a (possibly
|
||||||
* read-only) NFS mount, or a usbfs/sysfs filesystem not supporting
|
* read-only) NFS mount, or a usbfs/sysfs filesystem not supporting
|
||||||
* labelling, then just ignore it & hope for the best. The user
|
* labelling, then just ignore it & hope for the best. The user
|
||||||
@ -1401,22 +1390,11 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
|
|||||||
static int
|
static int
|
||||||
virSecuritySELinuxFSetFilecon(int fd, char *tcon)
|
virSecuritySELinuxFSetFilecon(int fd, char *tcon)
|
||||||
{
|
{
|
||||||
security_context_t econ;
|
|
||||||
|
|
||||||
VIR_INFO("Setting SELinux context on fd %d to '%s'", fd, tcon);
|
VIR_INFO("Setting SELinux context on fd %d to '%s'", fd, tcon);
|
||||||
|
|
||||||
if (fsetfilecon_raw(fd, tcon) < 0) {
|
if (fsetfilecon_raw(fd, tcon) < 0) {
|
||||||
int fsetfilecon_errno = errno;
|
int fsetfilecon_errno = errno;
|
||||||
|
|
||||||
if (fgetfilecon_raw(fd, &econ) >= 0) {
|
|
||||||
if (STREQ(tcon, econ)) {
|
|
||||||
freecon(econ);
|
|
||||||
/* It's alright, there's nothing to change anyway. */
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
freecon(econ);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* if the error complaint is related to an image hosted on
|
/* if the error complaint is related to an image hosted on
|
||||||
* an nfs mount, or a usbfs/sysfs filesystem not supporting
|
* an nfs mount, or a usbfs/sysfs filesystem not supporting
|
||||||
* labelling, then just ignore it & hope for the best.
|
* labelling, then just ignore it & hope for the best.
|
||||||
|
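Review bot: The fallback removed from virSecuritySELinuxSetFileconImpl accepted an already-matching label after any setfilecon_raw() failure, whereas the libselinux check the commit message links to appears to apply only when errno is ENOTSUP, so the two are not strictly equivalent. After this change a failure such as EPERM or EACCES on a path that already carries `tcon` falls through to the errno handling below the hunk instead of returning 1, and the same applies to virSecuritySELinuxFSetFilecon, where the early `return 0` is gone. That is the fail-closed direction and is probably what is wanted for a labelling primitive, but it is a behaviour change rather than a pure cleanup and callers that relabel files they do not own may now see errors they did not see before. I would record the assumption next to the call, for example `/* libselinux treats ENOTSUP with an already-matching label as success; every other errno is handled below. */` above `setfilecon_raw()` and the equivalent above `fsetfilecon_raw()`. Both function bodies continue outside the visible hunks, so the errno handling itself could not be checked here.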