diff options
| author | Martin Kletzander <mkletzan@redhat.com> | 2012-10-05 16:41:22 +0200 |
|---|---|---|
| committer | Martin Kletzander <mkletzan@redhat.com> | 2012-10-12 17:54:09 +0200 |
| commit | 9674f2c637114fa6ac0680fe5658a41a62bb34a8 (patch) | |
| tree | 0ff2a2d730dcf4182eb7d08cdd62e1f50780ece3 /tests/securityselinuxtest.c | |
| parent | f95560b3fe5e239ed85ec01885ed5eb872439e98 (diff) | |
| download | libvirt-9674f2c637114fa6ac0680fe5658a41a62bb34a8.tar.gz | |
selinux: Use raw contexts
We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code. This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.
The problems can be experienced with mcstrans for example. The
difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.
I was trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.
Thanks Laurent Bigonville for finding this out.
[1] http://oss.tresys.com/git/selinux.git
Diffstat (limited to 'tests/securityselinuxtest.c')
| -rw-r--r-- | tests/securityselinuxtest.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c index 848a39044c..8bcf3a1ce8 100644 --- a/tests/securityselinuxtest.c +++ b/tests/securityselinuxtest.c @@ -217,7 +217,7 @@ testSELinuxGenLabel(const void *opaque) context_t con = NULL; context_t imgcon = NULL; - if (setcon((security_context_t)data->pidcon) < 0) { + if (setcon_raw((security_context_t)data->pidcon) < 0) { perror("Cannot set process security context"); return -1; } |