Per the documentation, is_selinux_enabled() returns -1 on error.
Account for this. Previously when -1 was being returned the condition
would still be true. I was noticing this because on my system that has
SELinux disabled I was getting this in the libvirt.log every 5
seconds:
error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument
With this patch applied, I no longer get these messages every 5
seconds. I am submitting this in case it's deemed useful for inclusion.
Anyone have any comments on this change? This is a patch off current
master.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
static int
virSecuritySELinuxSecurityDriverProbe(const char *virtDriver)
{
- if (!is_selinux_enabled())
+ if (is_selinux_enabled() <= 0)
return SECURITY_DRIVER_DISABLE;
if (virtDriver && STREQ(virtDriver, "LXC")) {
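Review bot: the new `is_selinux_enabled() <= 0` test at the top of virSecuritySELinuxSecurityDriverProbe() folds the -1 error return into the same SECURITY_DRIVER_DISABLE result as a clean 0, so a host where the SELinux state could not be determined comes up without the driver and leaves no trace of why. Consider storing the return value once and logging a warning when it is negative, keeping the silent SECURITY_DRIVER_DISABLE path for the 0 case only. If treating an error as "disabled" is intended, a short comment saying so would help the next reader.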
goto cleanup;
#if WITH_SELINUX
- if (is_selinux_enabled()) {
+ if (is_selinux_enabled() > 0) {
if (getcon(&con) < 0) {
virReportSystemError(errno, "%s",
_("Unable to lookup SELinux process context"));
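Review bot: with `is_selinux_enabled() > 0` in the WITH_SELINUX block, a -1 return now skips getcon() with no report at all, while a getcon() failure two lines further down is still reported through virReportSystemError(), so the two failure paths are handled inconsistently. Either log the negative return (debug level is enough to avoid the 5-second log noise described in the commit message) before skipping, or add a comment stating that an undeterminable SELinux state is deliberately treated as having no context to look up. The same tri-state interpretation now lives in both changed call sites, so a small shared helper would keep them from drifting apart.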