selinux: Do not report an error when not returning -1

I guess the reason for that was the automatic interpretation/stringification of setfilecon_errno, but the code was not nice to read and it was a bit confusing. Also, the logs and error states get cleaner this way. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2025-01-21 20:15:17 +00:00 · 2019-08-29 17:32:03 +02:00 · 2019-08-29 17:32:03 +02:00 · 86289374ef
commit 86289374ef
parent be9d259ebc
1 changed files with 8 additions and 4 deletions
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -1301,14 +1301,18 @@ virSecuritySELinuxSetFileconImpl(const char *path,
        if (setfilecon_errno != EOPNOTSUPP && setfilecon_errno != ENOTSUP &&
            setfilecon_errno != EROFS) {
        VIR_WARNINGS_RESET
-            virReportSystemError(setfilecon_errno,
-                                 _("unable to set security context '%s' on '%s'"),
-                                 tcon, path);
            /* However, don't claim error if SELinux is in Enforcing mode and
             * we are running as unprivileged user and we really did see EPERM.
             * Otherwise we want to return error if SELinux is Enforcing. */
-            if (security_getenforce() == 1 && (setfilecon_errno != EPERM || privileged))
+            if (security_getenforce() == 1 &&
+                (setfilecon_errno != EPERM || privileged)) {
+                virReportSystemError(setfilecon_errno,
+                                     _("unable to set security context '%s' on '%s'"),
+                                     tcon, path);
                return -1;
+            }
+            VIR_WARN("unable to set security context '%s' on '%s' (errno %d)",
+                     tcon, path, setfilecon_errno);
        } else {
            const char *msg;
            if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 1 &&