selinux: Correctly report warning if virt_use_nfs not set

Previous patch c9b37fee tried to deal with virt_use_nfs. But
setfilecon() returns EOPNOTSUPP on NFS so we need to move the
warning to else branch.
This commit is contained in:
Michal Privoznik 2011-09-22 10:57:24 +02:00
parent c4111bd0d9
commit 1888363d8b

View File

@ -419,24 +419,27 @@ SELinuxSetFilecon(const char *path, char *tcon)
* The user hopefully set one of the necessary SELinux * The user hopefully set one of the necessary SELinux
* virt_use_{nfs,usb,pci} boolean tunables to allow it... * virt_use_{nfs,usb,pci} boolean tunables to allow it...
*/ */
if (setfilecon_errno != EOPNOTSUPP) { if (setfilecon_errno != EOPNOTSUPP && setfilecon_errno != ENOTSUP) {
const char *errmsg;
if ((virStorageFileIsSharedFSType(path,
VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
security_get_boolean_active("virt_use_nfs") != 1) {
errmsg = _("unable to set security context '%s' on '%s'. "
"Consider setting virt_use_nfs");
} else {
errmsg = _("unable to set security context '%s' on '%s'");
}
virReportSystemError(setfilecon_errno, virReportSystemError(setfilecon_errno,
errmsg, _("unable to set security context '%s' on '%s'"),
tcon, path); tcon, path);
if (security_getenforce() == 1) if (security_getenforce() == 1)
return -1; return -1;
} else { } else {
VIR_INFO("Setting security context '%s' on '%s' not supported", const char *msg;
tcon, path); if ((virStorageFileIsSharedFSType(path,
VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
security_get_boolean_active("virt_use_nfs") != 1) {
msg = _("Setting security context '%s' on '%s' not supported. "
"Consider setting virt_use_nfs");
if (security_getenforce() == 1)
VIR_WARN(msg, tcon, path);
else
VIR_INFO(msg, tcon, path);
} else {
VIR_INFO("Setting security context '%s' on '%s' not supported",
tcon, path);
}
} }
} }
return 0; return 0;