virIdentityGetSystem: don't fail if SELinux is disabled

If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: N Michael Chapman <mike@very.puzzling.org>

virIdentityGetSystem: don't fail if SELinux is disabled
If SELinux is compiled into libvirt but it is disabled on the host, libvirtd logs: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument on each and every client connection. Use is_selinux_enabled() to skip retrieval of the process's SELinux context if SELinux is disabled. Signed-off-by: N Michael Chapman <mike@very.puzzling.org>
1af9800b · Michael Chapman · Michal Privoznik · 5eb5fb80 · 1af9800b
隐藏空白更改
内联并排

Showing with 10 addition and 8 deletion

src/util/viridentity.c src/util/viridentity.c +10 -8

未找到文件。
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -168,16 +168,18 @@ virIdentityPtr virIdentityGetSystem(void)
        goto cleanup;

 #if WITH_SELINUX
-    if (getcon(&con) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Unable to lookup SELinux process context"));
-        goto cleanup;
-    }
-    if (VIR_STRDUP(seccontext, con) < 0) {
+    if (is_selinux_enabled()) {
+        if (getcon(&con) < 0) {
+            virReportSystemError(errno, "%s",
+                                 _("Unable to lookup SELinux process context"));
+            goto cleanup;
+        }
+        if (VIR_STRDUP(seccontext, con) < 0) {
+            freecon(con);
+            goto cleanup;
+        }
        freecon(con);
-        goto cleanup;
    }
-    freecon(con);
 #endif

    if (!(ret = virIdentityNew()))