From: Martin Kletzander Date: Thu, 29 Aug 2019 15:32:03 +0000 (+0200) Subject: selinux: Do not report an error when not returning -1 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=86289374ef85f673677881ef863ae6b6ce7e88a2;p=libvirt.git selinux: Do not report an error when not returning -1 I guess the reason for that was the automatic interpretation/stringification of setfilecon_errno, but the code was not nice to read and it was a bit confusing. Also, the logs and error states get cleaner this way. Signed-off-by: Martin Kletzander --- diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 39d616ba44..af7f62dfd9 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1301,14 +1301,18 @@ virSecuritySELinuxSetFileconImpl(const char *path, if (setfilecon_errno != EOPNOTSUPP && setfilecon_errno != ENOTSUP && setfilecon_errno != EROFS) { VIR_WARNINGS_RESET - virReportSystemError(setfilecon_errno, - _("unable to set security context '%s' on '%s'"), - tcon, path); /* However, don't claim error if SELinux is in Enforcing mode and * we are running as unprivileged user and we really did see EPERM. * Otherwise we want to return error if SELinux is Enforcing. */ - if (security_getenforce() == 1 && (setfilecon_errno != EPERM || privileged)) + if (security_getenforce() == 1 && + (setfilecon_errno != EPERM || privileged)) { + virReportSystemError(setfilecon_errno, + _("unable to set security context '%s' on '%s'"), + tcon, path); return -1; + } + VIR_WARN("unable to set security context '%s' on '%s' (errno %d)", + tcon, path, setfilecon_errno); } else { const char *msg; if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 1 &&