[libvirt] [PATCH] Remove bogus virSecurityManagerSetProcessFDLabel method

Daniel P. Berrange berrange at redhat.com
Tue Aug 30 16:37:45 UTC 2011


The virSecurityManagerSetProcessFDLabel method was introduced
after a misunderstanding arising from a conversation about SELinux
socket labelling. The virSecurityManagerSetSocketLabel method
should have been used for all such scenarios.

* src/security/security_apparmor.c, src/security/security_apparmor.c,
  src/security/security_driver.h, src/security/security_manager.c,
  src/security/security_manager.h, src/security/security_selinux.c,
  src/security/security_stack.c: Remove SetProcessFDLabel driver
---
 src/security/security_apparmor.c |   29 -----------------------------
 src/security/security_dac.c      |    9 ---------
 src/security/security_driver.h   |    4 ----
 src/security/security_manager.c  |   11 -----------
 src/security/security_manager.h  |    3 ---
 src/security/security_selinux.c  |   14 --------------
 src/security/security_stack.c    |   18 ------------------
 7 files changed, 0 insertions(+), 88 deletions(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index dbd1290..299dcc6 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -799,34 +799,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
     return reload_profile(mgr, vm, fd_path, true);
 }
 
-static int
-AppArmorSetProcessFDLabel(virSecurityManagerPtr mgr,
-                          virDomainObjPtr vm,
-                          int fd)
-{
-    int rc = -1;
-    char *proc = NULL;
-    char *fd_path = NULL;
-
-    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-
-    if (secdef->imagelabel == NULL)
-        return 0;
-
-    if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
-        virReportOOMError();
-        return rc;
-    }
-
-    if (virFileResolveLink(proc, &fd_path) < 0) {
-        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
-                               "%s", _("could not find path for descriptor"));
-        return rc;
-    }
-
-    return reload_profile(mgr, vm, fd_path, true);
-}
-
 virSecurityDriver virAppArmorSecurityDriver = {
     0,
     SECURITY_APPARMOR_NAME,
@@ -863,5 +835,4 @@ virSecurityDriver virAppArmorSecurityDriver = {
     AppArmorRestoreSavedStateLabel,
 
     AppArmorSetImageFDLabel,
-    AppArmorSetProcessFDLabel,
 };
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index e5465fc..af02236 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -697,14 +697,6 @@ virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return 0;
 }
 
-static int
-virSecurityDACSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                int fd ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
 
 virSecurityDriver virSecurityDriverDAC = {
     sizeof(virSecurityDACData),
@@ -743,5 +735,4 @@ virSecurityDriver virSecurityDriverDAC = {
     virSecurityDACRestoreSavedStateLabel,
 
     virSecurityDACSetImageFDLabel,
-    virSecurityDACSetProcessFDLabel,
 };
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 94f27f8..aea90b0 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -84,9 +84,6 @@ typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
                                                  virDomainObjPtr vm,
                                                  int fd);
-typedef int (*virSecurityDomainSetProcessFDLabel) (virSecurityManagerPtr mgr,
-                                                   virDomainObjPtr vm,
-                                                   int fd);
 
 struct _virSecurityDriver {
     size_t privateDataLen;
@@ -124,7 +121,6 @@ struct _virSecurityDriver {
     virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
 
     virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
-    virSecurityDomainSetProcessFDLabel domainSetSecurityProcessFDLabel;
 };
 
 virSecurityDriverPtr virSecurityDriverLookup(const char *name);
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index b2fd0d0..cae9b83 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -346,14 +346,3 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
     virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
     return -1;
 }
-
-int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
-                                        virDomainObjPtr vm,
-                                        int fd)
-{
-    if (mgr->drv->domainSetSecurityProcessFDLabel)
-        return mgr->drv->domainSetSecurityProcessFDLabel(mgr, vm, fd);
-
-    virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
-    return -1;
-}
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 38342c2..12cd498 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -96,8 +96,5 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
 int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
                                       virDomainObjPtr vm,
                                       int fd);
-int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
-                                        virDomainObjPtr vm,
-                                        int fd);
 
 #endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cddbed5..ca54f9b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1321,19 +1321,6 @@ SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return SELinuxFSetFilecon(fd, secdef->imagelabel);
 }
 
-static int
-SELinuxSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                         virDomainObjPtr vm,
-                         int fd)
-{
-    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-
-    if (secdef->label == NULL)
-        return 0;
-
-    return SELinuxFSetFilecon(fd, secdef->label);
-}
-
 virSecurityDriver virSecurityDriverSELinux = {
     0,
     SECURITY_SELINUX_NAME,
@@ -1370,5 +1357,4 @@ virSecurityDriver virSecurityDriverSELinux = {
     SELinuxRestoreSavedStateLabel,
 
     SELinuxSetImageFDLabel,
-    SELinuxSetProcessFDLabel,
 };
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index f263f5b..3f601c1 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -402,23 +402,6 @@ virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
 }
 
 
-static int
-virSecurityStackSetProcessFDLabel(virSecurityManagerPtr mgr,
-                                  virDomainObjPtr vm,
-                                  int fd)
-{
-    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
-    int rc = 0;
-
-    if (virSecurityManagerSetProcessFDLabel(priv->secondary, vm, fd) < 0)
-        rc = -1;
-    if (virSecurityManagerSetProcessFDLabel(priv->primary, vm, fd) < 0)
-        rc = -1;
-
-    return rc;
-}
-
-
 virSecurityDriver virSecurityDriverStack = {
     sizeof(virSecurityStackData),
     "stack",
@@ -455,5 +438,4 @@ virSecurityDriver virSecurityDriverStack = {
     virSecurityStackRestoreSavedStateLabel,
 
     virSecurityStackSetImageFDLabel,
-    virSecurityStackSetProcessFDLabel,
 };
-- 
1.7.4.4



