mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-09 01:18:00 +03:00
securityselinuxhelper: Fix retval of setcon_raw() and security_disable()
The securityselinuxhelper is a mock that's replacing libselinux APIs with our own implementation to achieve deterministic results. Our implementation uses env vars (among other things) to hold internal state. For instance, "FAKE_SELINUX_CONTEXT" and "FAKE_SELINUX_DISABLED" variables are used. However, as we were switching from setenv() to g_setenv() we also changed the set of possible retvals from setcon_raw() and security_disable(). Previously, the retval of setenv() was used directly which returns 0 on success and -1 on error. But g_setenv() has different retval semantics: it returns 1 on success and 0 on error. This discrepancy can be observed by running viridentitytest where case #2 reports an error ("!") - because setcon_raw() returns 1. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
d1873e03b4
commit
4ce1106277
@ -140,7 +140,7 @@ int setcon_raw(const char *context)
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE);
|
||||
return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1;
|
||||
}
|
||||
|
||||
int setcon(const char *context)
|
||||
@ -219,7 +219,7 @@ int security_disable(void)
|
||||
return -1;
|
||||
}
|
||||
|
||||
return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE);
|
||||
return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
|
||||
}
|
||||
|
||||
int security_getenforce(void)
|
||||
|
Loading…
Reference in New Issue
Block a user