On 24/04/13 20:43, Peter Krempa wrote:
virSecuritySELinuxGenNewContext() reports sensible errors but at
virSecuritySELinuxGenSecurityLabel() the error is masked with a
non-specific one.
---
  src/security/security_selinux.c | 9 +++------
  1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index c620a2e..89d63ab 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -685,13 +685,10 @@  (virSecurityManagerPtr mgr,
              }
          }

-        seclabel->label =
-            virSecuritySELinuxGenNewContext(baselabel, mcs, false);
-        if (!seclabel->label)  {
-            virReportError(VIR_ERR_INTERNAL_ERROR,
-                           _("cannot generate selinux context for %s"), mcs);
+        seclabel->label = virSecuritySELinuxGenNewContext(baselabel, mcs, 
false);
+        if (!seclabel->label)
              goto cleanup;
-        }
+
          break;

      case VIR_DOMAIN_SECLABEL_NONE:

Makes sense, there are good errors from virSecuritySELinuxGenNewContext,
but I see another use of virSecuritySELinuxGenNewContext in
virSecuritySELinuxGenNewContext, which overrides the error too, worth to
fix together.

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to