mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 22:55:23 +00:00
selinux: Detect virt_use_nfs boolean set
If we fail setting label on a file and this file is on NFS share, it is wise to advise user to set virt_use_nfs selinux boolean variable.
This commit is contained in:
parent
b14e7d2a16
commit
c9b37fee25
@ -420,8 +420,17 @@ SELinuxSetFilecon(const char *path, char *tcon)
|
||||
* virt_use_{nfs,usb,pci} boolean tunables to allow it...
|
||||
*/
|
||||
if (setfilecon_errno != EOPNOTSUPP) {
|
||||
const char *errmsg;
|
||||
if ((virStorageFileIsSharedFSType(path,
|
||||
VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
|
||||
security_get_boolean_active("virt_use_nfs") != 1) {
|
||||
errmsg = _("unable to set security context '%s' on '%s'. "
|
||||
"Consider setting virt_use_nfs");
|
||||
} else {
|
||||
errmsg = _("unable to set security context '%s' on '%s'");
|
||||
}
|
||||
virReportSystemError(setfilecon_errno,
|
||||
_("unable to set security context '%s' on '%s'"),
|
||||
errmsg,
|
||||
tcon, path);
|
||||
if (security_getenforce() == 1)
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user