diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 9046b51004..11fff63bc7 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -640,15 +640,23 @@ virSecurityDACTransactionCommit(virSecurityManagerPtr mgr G_GNUC_UNUSED, list->lock = lock; + if (pid != -1) { + rc = virProcessRunInMountNamespace(pid, + virSecurityDACTransactionRun, + list); + if (rc < 0) { + if (virGetLastErrorCode() == VIR_ERR_SYSTEM_ERROR) + pid = -1; + else + goto cleanup; + } + } + if (pid == -1) { if (lock) rc = virProcessRunInFork(virSecurityDACTransactionRun, list); else rc = virSecurityDACTransactionRun(pid, list); - } else { - rc = virProcessRunInMountNamespace(pid, - virSecurityDACTransactionRun, - list); } if (rc < 0) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index c94f31727c..8aeb6e45a5 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1163,15 +1163,23 @@ virSecuritySELinuxTransactionCommit(virSecurityManagerPtr mgr G_GNUC_UNUSED, list->lock = lock; + if (pid != -1) { + rc = virProcessRunInMountNamespace(pid, + virSecuritySELinuxTransactionRun, + list); + if (rc < 0) { + if (virGetLastErrorCode() == VIR_ERR_SYSTEM_ERROR) + pid = -1; + else + goto cleanup; + } + } + if (pid == -1) { if (lock) rc = virProcessRunInFork(virSecuritySELinuxTransactionRun, list); else rc = virSecuritySELinuxTransactionRun(pid, list); - } else { - rc = virProcessRunInMountNamespace(pid, - virSecuritySELinuxTransactionRun, - list); } if (rc < 0)