mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 07:05:28 +00:00
selinux: Correctly report warning if virt_use_nfs not set
Previous patch c9b37fee
tried to deal with virt_use_nfs. But
setfilecon() returns EOPNOTSUPP on NFS so we need to move the
warning to else branch.
This commit is contained in:
parent
c4111bd0d9
commit
1888363d8b
@ -419,24 +419,27 @@ SELinuxSetFilecon(const char *path, char *tcon)
|
|||||||
* The user hopefully set one of the necessary SELinux
|
* The user hopefully set one of the necessary SELinux
|
||||||
* virt_use_{nfs,usb,pci} boolean tunables to allow it...
|
* virt_use_{nfs,usb,pci} boolean tunables to allow it...
|
||||||
*/
|
*/
|
||||||
if (setfilecon_errno != EOPNOTSUPP) {
|
if (setfilecon_errno != EOPNOTSUPP && setfilecon_errno != ENOTSUP) {
|
||||||
const char *errmsg;
|
|
||||||
if ((virStorageFileIsSharedFSType(path,
|
|
||||||
VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
|
|
||||||
security_get_boolean_active("virt_use_nfs") != 1) {
|
|
||||||
errmsg = _("unable to set security context '%s' on '%s'. "
|
|
||||||
"Consider setting virt_use_nfs");
|
|
||||||
} else {
|
|
||||||
errmsg = _("unable to set security context '%s' on '%s'");
|
|
||||||
}
|
|
||||||
virReportSystemError(setfilecon_errno,
|
virReportSystemError(setfilecon_errno,
|
||||||
errmsg,
|
_("unable to set security context '%s' on '%s'"),
|
||||||
tcon, path);
|
tcon, path);
|
||||||
if (security_getenforce() == 1)
|
if (security_getenforce() == 1)
|
||||||
return -1;
|
return -1;
|
||||||
} else {
|
} else {
|
||||||
VIR_INFO("Setting security context '%s' on '%s' not supported",
|
const char *msg;
|
||||||
tcon, path);
|
if ((virStorageFileIsSharedFSType(path,
|
||||||
|
VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
|
||||||
|
security_get_boolean_active("virt_use_nfs") != 1) {
|
||||||
|
msg = _("Setting security context '%s' on '%s' not supported. "
|
||||||
|
"Consider setting virt_use_nfs");
|
||||||
|
if (security_getenforce() == 1)
|
||||||
|
VIR_WARN(msg, tcon, path);
|
||||||
|
else
|
||||||
|
VIR_INFO(msg, tcon, path);
|
||||||
|
} else {
|
||||||
|
VIR_INFO("Setting security context '%s' on '%s' not supported",
|
||||||
|
tcon, path);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user