From 2d299525f5de29d11c6dc4810aa41e893535695b Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 3 Jul 2009 10:27:46 +0000
Subject: [PATCH] Don't unnecessarily try to change a file context

As pointed out by Tim Waugh here:

  https://bugzilla.redhat.com/507555

We shouldn't bother trying to set the context of a file if it already
matches what we want.

(Fixed to use STREQ() and not use tabs, as pointed out by danpb)

(cherry picked from commit add254feeaa830dd5af1118c141cb140bf55b5a7)

Fedora-patch: libvirt-0.6.2-do-not-unnecessarily-try-to-change-a-file-context.patch
---
 src/security_selinux.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/src/security_selinux.c b/src/security_selinux.c
index 450fce2..8ebe1fe 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -280,10 +280,19 @@ static int
 SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
 {
     char ebuf[1024];
+    security_context_t econ;
 
     VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
 
-    if(setfilecon(path, tcon) < 0) {
+    if (setfilecon(path, tcon) < 0) {
+        if (getfilecon(path, &econ) >= 0) {
+            if (STREQ(tcon, econ)) {
+                freecon(econ);
+                /* It's alright, there's nothing to change anyway. */
+                return 0;
+            }
+            freecon(econ);
+        }
         virSecurityReportError(conn, VIR_ERR_ERROR,
                                _("%s: unable to set security context "
                                  "'\%s\' on %s: %s."), __func__,
-- 
1.6.2.5