517157 fix selinux problem with images on NFS

* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an NFS share

517157 fix selinux problem with images on NFS
* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an NFS share
777fc2e9 · Darryl L. Pierce · Daniel Veillard · ce1783cc · 777fc2e9
隐藏空白更改
内联并排

Showing with 17 addition and 8 deletion

src/security_selinux.c src/security_selinux.c +17 -8

未找到文件。
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -323,6 +323,8 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
    VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
    if (setfilecon(path, tcon) < 0) {
+        int setfilecon_errno = errno;
        if (getfilecon(path, &econ) >= 0) {
            if (STREQ(tcon, econ)) {
                freecon(econ);
@@ -331,14 +333,21 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
            }
            freecon(econ);
        }
-        virSecurityReportError(conn, VIR_ERR_ERROR,
-                               _("%s: unable to set security context "
+        /* if the error complaint is related to an image hosted on
-                                 "'\%s\' on %s: %s."), __func__,
+         * an nfs mount, then ignore it.
-                               tcon,
+         * rhbz 517157
-                               path,
+         */
-                               virStrerror(errno, ebuf, sizeof ebuf));
+        if (setfilecon_errno != EOPNOTSUPP) {
-        if (security_getenforce() == 1)
+            virSecurityReportError(conn, VIR_ERR_ERROR,
-            return -1;
+                                 _("%s: unable to set security context "
+                                   "'\%s\' on %s: %s."), __func__,
+                                 tcon,
+                                 path,
+                                 virStrerror(errno, ebuf, sizeof ebuf));
+            if (security_getenforce() == 1)
+                return -1;
+        }
    }
    return 0;
 }