From 80d90c5c59e9477d8a0c9eb727a0fc1bec2b01ea Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Sat, 4 May 2019 20:01:52 -0700
Subject: [PATCH] lsm: don't reset socket contex if SELinux is disabled

Fixes #693
---
 criu/lsm.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/criu/lsm.c b/criu/lsm.c
index 9c9ac7f80e..5921138392 100644
--- a/criu/lsm.c
+++ b/criu/lsm.c
@@ -134,7 +134,15 @@ static int selinux_get_sockcreate_label(pid_t pid, char **output)
 
 int reset_setsockcreatecon()
 {
- return setsockcreatecon_raw(NULL);
+ /* Currently this only works for SELinux. */
+ if (kdat.lsm != LSMTYPE__SELINUX)
+ return 0;
+
+ if (setsockcreatecon_raw(NULL)) {
+ pr_perror("Unable to reset socket SELinux context");
+ return -1;
+ }
+ return 0;
 }
 
 int run_setsockcreatecon(FdinfoEntry *e)
@@ -147,7 +155,11 @@ int run_setsockcreatecon(FdinfoEntry *e)
 
 ctx = e->xattr_security_selinux;
 /* Writing to the FD using fsetxattr() did not work for some reason. */
- return setsockcreatecon_raw(ctx);
+ if (setsockcreatecon_raw(ctx)) {
+ pr_perror("Unable to set the %s socket SELinux context", ctx);
+ return -1;
+ }
+ return 0;
 }
 
 int dump_xattr_security_selinux(int fd, FdinfoEntry *e)
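Review bot: The new early return in reset_setsockcreatecon() makes the reset a silent no-op whenever `kdat.lsm != LSMTYPE__SELINUX`, so it is only safe if run_setsockcreatecon() skips setting a label under exactly the same condition; that function's guard lies above the second hunk and cannot be checked from here. If the two ever diverge, a socket-create label applied for one fd would stay in effect for every socket created afterwards. I would record the pairing in the comment, e.g. `/* Must match the check in run_setsockcreatecon(): no label is set unless the LSM is SELinux, so there is nothing to reset. */`. Separately, the context line `int reset_setsockcreatecon()` declares no prototype; `int reset_setsockcreatecon(void)` would let the compiler reject stray arguments.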
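Review bot: `ctx` in the added `pr_perror("Unable to set the %s socket SELinux context", ctx)` is copied from `e->xattr_security_selinux` two lines above with no NULL check visible in the hunk, and passing NULL to `%s` is undefined behaviour. Something like `pr_perror("Unable to set the %s socket SELinux context", ctx ? ctx : "(default)");` covers that case. The label presumably originates from the checkpoint image (inferred from the FdinfoEntry parameter), so it also reaches the log unescaped, which is worth keeping in mind for anything that parses these logs. run_setsockcreatecon() starts above the hunk, so an earlier check on `ctx` may already exist there.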