[libvirt] [PATCH 04/10] security: Remove VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE

Peter Krempa pkrempa at redhat.com
Mon Jun 4 08:58:46 UTC 2018


Nothing is setting that flag now so it can be removed. Note that
removing 'mgr' from 'load_profile' in the apparmor driver would create a
lot of churn.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/security/security_apparmor.c | 6 ++----
 src/security/security_manager.c  | 7 -------
 src/security/security_manager.h  | 5 +----
 3 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 333d098be4..cb41df71a9 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -170,7 +170,7 @@ profile_status_file(const char *str)
  * load (add) a profile. Will create one if necessary
  */
 static int
-load_profile(virSecurityManagerPtr mgr,
+load_profile(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
              const char *profile,
              virDomainDefPtr def,
              const char *fn,
@@ -180,8 +180,6 @@ load_profile(virSecurityManagerPtr mgr,
     bool create = true;
     char *xml = NULL;
     virCommandPtr cmd = NULL;
-    const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr)
-        ? "1" : "0";

     xml = virDomainDefFormat(def, NULL, VIR_DOMAIN_DEF_FORMAT_SECURE);
     if (!xml)
@@ -190,7 +188,7 @@ load_profile(virSecurityManagerPtr mgr,
     if (profile_status_file(profile) >= 0)
         create = false;

-    cmd = virCommandNewArgList(VIRT_AA_HELPER, "-p", probe,
+    cmd = virCommandNewArgList(VIRT_AA_HELPER,
                                create ? "-c" : "-r",
                                "-u", profile, NULL);
     if (!create && fn) {
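Review bot: With `"-p", probe` dropped from the `virCommandNewArgList()` call, virt-aa-helper now falls back to its own default for `-p`, and that default is not visible in this patch. The removed argument carried the manager's disk format probing setting into profile generation, so it is worth confirming that the helper treats a missing `-p` as probing disabled, or that the option is removed from the helper elsewhere in the series. A one-line comment above the call saying that disk format probing is never requested from the helper would record the intent. `load_profile` continues past the end of this hunk.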
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 71f7f59b9c..cacd1d5457 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -365,13 +365,6 @@ virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr,
 }


-bool
-virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
-{
-    return mgr->flags & VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE;
-}
-
-
 bool
 virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr)
 {
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index c36a8b488f..c5e472bba4 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -31,7 +31,6 @@ typedef struct _virSecurityManager virSecurityManager;
 typedef virSecurityManager *virSecurityManagerPtr;

 typedef enum {
-    VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE   = 1 << 0,
     VIR_SECURITY_MANAGER_DEFAULT_CONFINED   = 1 << 1,
     VIR_SECURITY_MANAGER_REQUIRE_CONFINED   = 1 << 2,
     VIR_SECURITY_MANAGER_PRIVILEGED         = 1 << 3,
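Review bot: After this removal the first enumerator of `virSecurityManagerNewFlags` is `1 << 1`, and nothing explains why bit 0 is vacant. Keeping the remaining values unchanged is reasonable, but a comment such as `/* 1 << 0 is unused; it was VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE */` would stop a reader from taking the gap for a mistake. A caller that still passes bit 0 is presumably rejected once `VIR_SECURITY_MANAGER_NEW_MASK` drops it in the following hunk, but that check is outside this patch. The enum body continues outside the hunk.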
@@ -40,8 +39,7 @@ typedef enum {
 } virSecurityManagerNewFlags;

 # define VIR_SECURITY_MANAGER_NEW_MASK \
-    (VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE  | \
-     VIR_SECURITY_MANAGER_DEFAULT_CONFINED  | \
+    (VIR_SECURITY_MANAGER_DEFAULT_CONFINED  | \
      VIR_SECURITY_MANAGER_REQUIRE_CONFINED  | \
      VIR_SECURITY_MANAGER_PRIVILEGED)

@@ -89,7 +87,6 @@ const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);

-bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);
-- 
2.16.2



