selinux: Detect virt_use_nfs boolean set
authorMichal Privoznik <mprivozn@redhat.com>
Thu, 8 Sep 2011 16:23:25 +0000 (18:23 +0200)
committerMichal Privoznik <mprivozn@redhat.com>
Fri, 9 Sep 2011 07:32:59 +0000 (09:32 +0200)
If we fail to set a label on a file and the file is on an NFS share,
it is wise to advise the user to set the virt_use_nfs SELinux boolean
variable.

src/security/security_selinux.c

index ca54f9be7f49428314fb34b43ed2e8929ffb96e8..028f5b26f3331fefc48675e4b687ab2ac0945cd2 100644 (file)
@@ -420,8 +420,17 @@ SELinuxSetFilecon(const char *path, char *tcon)
          * virt_use_{nfs,usb,pci}  boolean tunables to allow it...
          */
         if (setfilecon_errno != EOPNOTSUPP) {
+            const char *errmsg;
+            if ((virStorageFileIsSharedFSType(path,
+                                             VIR_STORAGE_FILE_SHFS_NFS) == 1) &&
+                security_get_boolean_active("virt_use_nfs") != 1) {
+                errmsg = _("unable to set security context '%s' on '%s'. "
+                           "Consider setting virt_use_nfs");
+            } else {
+                errmsg = _("unable to set security context '%s' on '%s'");
+            }
             virReportSystemError(setfilecon_errno,
-                                 _("unable to set security context '%s' on '%s'"),
+                                 errmsg,
                                  tcon, path);
             if (security_getenforce() == 1)
                 return -1;
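Review bot: `errmsg` reaches virReportSystemError() as a variable format string (the added `errmsg,` argument), so any printf-style format checking on that call no longer sees the two `%s` conversions, and a later edit to either string could drift from `tcon, path` unnoticed. Calling virReportSystemError() once per branch with the `_()` literal in place keeps the format visible at the call site, as in the code that follows. Separately, the hint is only reachable when `setfilecon_errno != EOPNOTSUPP`, so it is worth confirming that a labelling failure on NFS with virt_use_nfs off actually lands in this branch rather than in the EOPNOTSUPP path. SELinuxSetFilecon starts and ends outside the hunk.

```c
        if (setfilecon_errno != EOPNOTSUPP) {
            if (virStorageFileIsSharedFSType(path,
                                             VIR_STORAGE_FILE_SHFS_NFS) == 1 &&
                security_get_boolean_active("virt_use_nfs") != 1) {
                virReportSystemError(setfilecon_errno,
                                     _("unable to set security context '%s' on '%s'. "
                                       "Consider setting virt_use_nfs"),
                                     tcon, path);
            } else {
                virReportSystemError(setfilecon_errno,
                                     _("unable to set security context '%s' on '%s'"),
                                     tcon, path);
            }
            /* … unchanged: security_getenforce() check … */
```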