Re: [Libguestfs] [PATCH] If using SELinux, mount /selinux in the appliance

Richard W.M. Jones wrote: > I think this patch is also uncontroversial. > > If selinux=1 then we mount /selinux in the appliance. We also > bind-mount it into guests when running commands, just like we do for > /proc, /dev etc. > > If SELinux is disabled, then /selinux doesn't get mounted. ... > diff --git a/daemon/command.c b/daemon/command.c > index 0399255..3261513 100644 > --- a/daemon/command.c > +++ b/daemon/command.c > @@ -31,8 +31,9 @@ do_command (char **argv) > { > char *out, *err; > int r; > - char *sysroot_proc, *sysroot_dev, *sysroot_dev_pts, *sysroot_sys; > - int proc_ok, dev_ok, dev_pts_ok, sys_ok; > + char *sysroot_dev, *sysroot_dev_pts, *sysroot_proc, > + *sysroot_selinux, *sysroot_sys; > + int dev_ok, dev_pts_ok, proc_ok, selinux_ok, sys_ok; > > /* We need a root filesystem mounted to do this. */ > NEED_ROOT (NULL); > @@ -57,6 +58,7 @@ do_command (char **argv) > sysroot_dev = sysroot_path ("/dev"); > sysroot_dev_pts = sysroot_path ("/dev/pts"); > sysroot_proc = sysroot_path ("/proc"); > + sysroot_selinux = sysroot_path ("/selinux"); > sysroot_sys = sysroot_path ("/sys"); > > r = command (NULL, NULL, "mount", "--bind", "/dev", sysroot_dev, NULL); Shouldn't each of these sysroot_* variables be tested, in case sysroot_path's malloc has failed?