Don't unnecessarily try to change a file context

As pointed out by Tim Waugh here:

  https://bugzilla.redhat.com/507555

We shouldn't bother trying to set the context of a file if it already
matches what we want.

(Fixed to use STREQ() and not use tabs, as pointed out by danpb)

Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This commit is contained in:
Mark McLoughlin 2009-07-03 10:27:46 +00:00
parent 547147084d
commit add254feea
2 changed files with 18 additions and 2 deletions

View File

@ -1,3 +1,10 @@
Thu Jul 3 11:26:04 GMT 2009 Mark McLoughlin <markmc@redhat.com>
Patch from Tim Waugh in https://bugzilla.redhat.com/507555
* src/security_selinux.c: Don't unnecessarily try to change a
file context
Thu Jul 3 11:24:44 GMT 2009 Mark McLoughlin <markmc@redhat.com> Thu Jul 3 11:24:44 GMT 2009 Mark McLoughlin <markmc@redhat.com>
Patch from Dan Berrange in https://bugzilla.redhat.com/493692 Patch from Dan Berrange in https://bugzilla.redhat.com/493692

View File

@ -318,10 +318,19 @@ static int
SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon) SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{ {
char ebuf[1024]; char ebuf[1024];
security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
if (setfilecon(path, tcon) < 0) { if (setfilecon(path, tcon) < 0) {
if (getfilecon(path, &econ) >= 0) {
if (STREQ(tcon, econ)) {
freecon(econ);
/* It's alright, there's nothing to change anyway. */
return 0;
}
freecon(econ);
}
virSecurityReportError(conn, VIR_ERR_ERROR, virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context " _("%s: unable to set security context "
"'\%s\' on %s: %s."), __func__, "'\%s\' on %s: %s."), __func__,