xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit

author	Martin Kletzander <mkletzan@redhat.com>
	Fri, 5 Oct 2012 14:41:22 +0000 (16:41 +0200)
committer	Martin Kletzander <mkletzan@redhat.com>
	Fri, 12 Oct 2012 15:54:09 +0000 (17:54 +0200)
commit	9674f2c637114fa6ac0680fe5658a41a62bb34a8
tree	0ff2a2d730dcf4182eb7d08cdd62e1f50780ece3	tree
parent	f95560b3fe5e239ed85ec01885ed5eb872439e98	commit \| diff

selinux: Use raw contexts

We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code. This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.

The problems can be experienced with mcstrans for example. The
difference is that if you have translations enabled (yum install
mcstrans; service mcstrans start), fgetfilecon_raw() will get you
something like 'system_u:object_r:virt_image_t:s0', whereas
fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
that we cannot parse.

I was trying to confirm that the _raw variants were here since the dawn of
time, but the only thing I see now is that it was imported together in
the upstream repo [1] from svn, so before 2008.

Thanks Laurent Bigonville for finding this out.

[1] http://oss.tresys.com/git/selinux.git

configure.ac		diff \| blob \| blame \| history
src/security/security_selinux.c		diff \| blob \| blame \| history
src/storage/storage_backend.c		diff \| blob \| blame \| history
tests/securityselinuxhelper.c		diff \| blob \| blame \| history
tests/securityselinuxtest.c		diff \| blob \| blame \| history