selinux: Correctly report warning if virt_use_nfs not set

Previous patch c9b37fee tried to deal with virt_use_nfs. But
setfilecon() returns EOPNOTSUPP on NFS so we need to move the
warning to else branch.

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 028f5b26f3331fefc48675e4b687ab2ac0945cd2..0807a34c63812ad96fe09ae240b74b213f6b09d9 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -419,24 +419,27 @@ SELinuxSetFilecon(const char *path, char *tcon)
          * The user hopefully set one of the necessary SELinux
          * virt_use_{nfs,usb,pci}  boolean tunables to allow it...
          */
-        if (setfilecon_errno != EOPNOTSUPP) {
-            const char *errmsg;
-            if ((virStorageFileIsSharedFSType(path,
-                                             VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
-                security_get_boolean_active("virt_use_nfs") != 1) {
-                errmsg = _("unable to set security context '%s' on '%s'. "
-                           "Consider setting virt_use_nfs");
-            } else {
-                errmsg = _("unable to set security context '%s' on '%s'");
-            }
+        if (setfilecon_errno != EOPNOTSUPP && setfilecon_errno != ENOTSUP) {
             virReportSystemError(setfilecon_errno,
-                                 errmsg,
+                                 _("unable to set security context '%s' on '%s'"),
                                  tcon, path);
             if (security_getenforce() == 1)
                 return -1;
         } else {
-            VIR_INFO("Setting security context '%s' on '%s' not supported",
-                     tcon, path);
+            const char *msg;
+            if ((virStorageFileIsSharedFSType(path,
+                                              VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
+                security_get_boolean_active("virt_use_nfs") != 1) {
+                msg = _("Setting security context '%s' on '%s' not supported. "
+                        "Consider setting virt_use_nfs");
+               if (security_getenforce() == 1)
+                   VIR_WARN(msg, tcon, path);
+               else
+                   VIR_INFO(msg, tcon, path);
+            } else {
+                VIR_INFO("Setting security context '%s' on '%s' not supported",
+                         tcon, path);
+            }
         }
     }
     return 0;