security_selinux: Play nicely with network FS that only emulates SELinux

There are some network file systems that do support XATTRs (e.g.
gluster via FUSE). And they appear to support SELinux too.
However, not really. Problem is, that it is impossible to change
SELinux label of a file stored there, and yet we claim success
(rightfully - hypervisor succeeds in opening the file). But this
creates a problem for us - from XATTR bookkeeping POV, we haven't
changed the label and thus if we remembered any label, we must
roll back and remove it.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>

src/security/security_selinux.c

@@ -1384,12 +1384,18 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
         }
     }
 
-    if (virSecuritySELinuxSetFileconImpl(path, tcon, privileged) < 0)
+    rc = virSecuritySELinuxSetFileconImpl(path, tcon, privileged);
+    if (rc < 0)
         goto cleanup;
 
+    /* Do not try restoring the label if it was not changed
+     * (setting it failed in a non-critical fashion) */
+    if (rc == 0)
+        rollback = false;
+
     ret = 0;
  cleanup:
-    if (ret < 0 && rollback) {
+    if (rollback) {
         virErrorPtr origerr;
 
         virErrorPreserveLast(&origerr);