From ff5a1ea09a73e1b42b42825e82402a5b6f8e857f Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sat, 20 Oct 2012 15:57:28 -0400 Subject: [PATCH] selinux: Don't fail RestoreAll if file doesn't have a default label When restoring selinux labels after a VM is stopped, any non-standard path that doesn't have a default selinux label causes the process to stop and exit early. This isn't really an error condition IMO. Of course the selinux API could be erroring for some other reason but hopefully that's rare enough to not need explicit handling. Common example here is storing disk images in a non-standard location like under /mnt. (cherry picked from commit 767be8be7226abe9a242c812ba5ff28108d2955c) --- src/security/security_selinux.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 58ad8fb96b..3157e83b1a 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -936,7 +936,11 @@ virSecuritySELinuxRestoreSecurityFileLabel(const char *path) } if (getContext(newpath, buf.st_mode, &fcon) < 0) { + /* Any user created path likely does not have a default label, + * which makes this an expected non error + */ VIR_WARN("cannot lookup default selinux label for %s", newpath); + rc = 0; } else { rc = virSecuritySELinuxSetFilecon(newpath, fcon); }