From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 22 Aug 2019 17:19:05 +0200
Message-Id: <196c19c031271b00dcb85e4d9cf6e041893b7fe4.1566486921.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH 2/6] virSecuritySELinuxSetFileconImpl: Drop @optional argument

The only thing that the @optional argument does is that it makes the function return 1 instead of 0 if setting SELinux context failed in a non-critical fashion. Drop the argument then and return 1 in that case. This enables caller to learn if SELinux context was set or not.

Signed-off-by: Michal Privoznik
Reviewed-by: Martin Kletzander
--- src/security/security_selinux.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 0523613d4a..35385f4a23 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c 
@@ -1261,19 +1261,23 @@ virSecuritySELinuxGetProcessLabel(virSecurityManage= rPtr mgr ATTRIBUTE_UNUSED, * virSecuritySELinuxSetFileconImpl: * @path: path to the file to set context on * @tcon: target context to set - * @optional: whether to treat errors as fatal * @privileged: whether running as privileged user * * Set @tcon SELinux context on @path. If unable to do so, check SELinux * configuration and produce sensible error message suggesting solution. + * It may happen that setting context fails but hypervisor will be able to + * open the @path successfully. This is because some file systems don't + * support SELinux, are RO, or the @path had the correct context from the + * start. If that is the case, a positive one is returned. * * Returns: -1 if failed to set context and SELinux is in enforcing mode - * 1 if failed to set context and @optional is true - * 0 otherwise. + * 1 if failed to set context, + * 0 if context was set successfully. */ static int -virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon, - bool optional, bool privileged) +virSecuritySELinuxSetFileconImpl(const char *path, + const char *tcon, + bool privileged) { security_context_t econ; =20 @@ -1289,7 +1293,7 @@ virSecuritySELinuxSetFileconImpl(const char *path, co= nst char *tcon, if (STREQ(tcon, econ)) { freecon(econ); /* It's alright, there's nothing to change anyway. */ - return optional ? 1 : 0; + return 1; } freecon(econ); } @@ -1326,9 +1330,9 @@ virSecuritySELinuxSetFileconImpl(const char *path, co= nst char *tcon, VIR_INFO("Setting security context '%s' on '%s' not suppor= ted", tcon, path); } - if (optional) - return 1; } + + return 1; } return 0; } @@ -1388,7 +1392,7 @@ virSecuritySELinuxSetFileconHelper(virSecurityManager= Ptr mgr, } } =20 - if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged)= < 0) + if (virSecuritySELinuxSetFileconImpl(path, tcon, privileged) < 0) goto cleanup; =20 ret =3D 0; 
@@ -1553,7 +1557,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManager= Ptr mgr, } } =20 - if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged)= < 0) + if (virSecuritySELinuxSetFileconImpl(newpath, fcon, privileged) < 0) goto cleanup; =20 ret =3D 0; --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
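Review bot: The Returns: block in the @@ -1261 hunk gives the value 1 a single meaning ("failed to set context"), yet the comment text added just above it and the STREQ(tcon, econ) branch in the @@ -1289 hunk show that 1 also covers the case where @path already carries @tcon. A caller that needs to know whether the label on disk now matches @tcon cannot tell "already correct" apart from "file system does not support SELinux or is read-only". Consider stating in the Returns: line that 1 means the context was not changed by this call and the failure is non-critical, or use distinct positive values if a later caller depends on the difference.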
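Review bot: In the @@ -1388 and @@ -1553 hunks both call sites still test only `< 0` and then set ret to 0, so the new positive return is discarded and the commit message's "enables caller to learn if SELinux context was set or not" does not yet hold for anything above virSecuritySELinuxSetFileconImpl. If a later patch in the series consumes the value, say so in the commit message; otherwise propagate it from the helper here. Also worth a line in the message: virSecuritySELinuxRestoreFileLabel used to pass false and receive 0 on a non-critical failure and now receives 1, which is behaviour-neutral only as long as that check stays `< 0`.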