From fa095ad7a1c412de36d6f18cf4143f88182918ba Mon Sep 17 00:00:00 2001 From: Steve Lawrence Date: Tue, 20 May 2014 16:05:32 -0400 Subject: [PATCH] libsemanage: only try to compile file contexts if they exist It is not a requirement that all file context files exists (e.g. file_contexts.local is not mandatory). However, sefcontext_compile is executed for all file contexts files regardless of existance, which results in an error when they do not exist and causes policy load to fail. This modifies libsemanage so that sefcontext_compile is only executed on file contexts that do exist. Signed-off-by: Steve Lawrence --- libsemanage/src/semanage_store.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 4b040c30..8e1e774f 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -1081,6 +1081,11 @@ int semanage_split_fc(semanage_handle_t * sh) static int sefcontext_compile(semanage_handle_t * sh, const char *path) { int r; + + if (access(path, F_OK) != 0) { + return 0; + } + if ((r = semanage_exec_prog(sh, sh->conf->sefcontext_compile, path, "")) != 0) { ERR(sh, "sefcontext_compile returned error code %d. Compiling %s", r, path); return -1;