[libvirt] [PATCH 07/11] security: Remove disk labelling functions and fix callers
Peter Krempa
pkrempa at redhat.com
Wed Jan 23 16:11:02 UTC 2019
Now that we have replacement in the form of the image labelling function
we can drop the unnecessary functions by replacing all callers.
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
src/libvirt_private.syms | 2 --
src/lxc/lxc_controller.c | 3 +-
src/lxc/lxc_driver.c | 4 +--
src/security/security_manager.c | 58 ---------------------------------
src/security/security_manager.h | 6 ----
5 files changed, 4 insertions(+), 69 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c3d6306809..599b97569a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1354,7 +1354,6 @@ virSecurityManagerReleaseLabel;
virSecurityManagerReserveLabel;
virSecurityManagerRestoreAllLabel;
virSecurityManagerRestoreChardevLabel;
-virSecurityManagerRestoreDiskLabel;
virSecurityManagerRestoreHostdevLabel;
virSecurityManagerRestoreImageLabel;
virSecurityManagerRestoreInputLabel;
@@ -1365,7 +1364,6 @@ virSecurityManagerSetAllLabel;
virSecurityManagerSetChardevLabel;
virSecurityManagerSetChildProcessLabel;
virSecurityManagerSetDaemonSocketLabel;
-virSecurityManagerSetDiskLabel;
virSecurityManagerSetHostdevLabel;
virSecurityManagerSetImageFDLabel;
virSecurityManagerSetImageLabel;
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2bec8846aa..790ff65b0e 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1932,7 +1932,8 @@ static int virLXCControllerSetupDisk(virLXCControllerPtr ctrl,
/* Labelling normally operates on src, but we need
* to actually label the dst here, so hack the config */
def->src->path = dst;
- if (virSecurityManagerSetDiskLabel(securityDriver, ctrl->def, def) < 0)
+ if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def,
+ def->src, true) < 0)
goto cleanup;
ret = 0;
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index df15a0da50..f03c6af691 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -3636,8 +3636,8 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
virDomainDiskDefPtr def = data->def->data.disk;
char *tmpsrc = def->src->path;
def->src->path = data->file;
- if (virSecurityManagerSetDiskLabel(data->driver->securityManager,
- data->vm->def, def) < 0) {
+ if (virSecurityManagerSetImageLabel(data->driver->securityManager,
+ data->vm->def, def->src, true) < 0) {
def->src->path = tmpsrc;
goto cleanup;
}
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 5493f0f66b..72081ac586 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -402,35 +402,6 @@ virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr)
}
-/**
- * virSecurityManagerRestoreDiskLabel:
- * @mgr: security manager object
- * @vm: domain definition object
- * @disk: disk definition to operate on
- *
- * Removes security label from the source image of the disk. Note that this
- * function doesn't restore labels on backing chain elements of @disk.
- *
- * Returns: 0 on success, -1 on error.
- */
-int
-virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainDiskDefPtr disk)
-{
- if (mgr->drv->domainRestoreSecurityImageLabel) {
- int ret;
- virObjectLock(mgr);
- ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk->src, true);
- virObjectUnlock(mgr);
- return ret;
- }
-
- virReportUnsupportedError();
- return -1;
-}
-
-
/**
* virSecurityManagerRestoreImageLabel:
* @mgr: security manager object
@@ -512,35 +483,6 @@ virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
}
-/**
- * virSecurityManagerSetDiskLabel:
- * @mgr: security manager object
- * @vm: domain definition object
- * @disk: disk definition to operate on
- *
- * Labels the disk image and all images in the backing chain with the configured
- * security label.
- *
- * Returns: 0 on success, -1 on error.
- */
-int
-virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr vm,
- virDomainDiskDefPtr disk)
-{
- if (mgr->drv->domainSetSecurityImageLabel) {
- int ret;
- virObjectLock(mgr);
- ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk->src, true);
- virObjectUnlock(mgr);
- return ret;
- }
-
- virReportUnsupportedError();
- return -1;
-}
-
-
/**
* virSecurityManagerSetImageLabel:
* @mgr: security manager object
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 0207113b14..8e1fb3b3c9 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -90,18 +90,12 @@ bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);
-int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk);
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm);
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def);
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def);
-int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- virDomainDiskDefPtr disk);
int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainHostdevDefPtr dev,
--
2.20.1
More information about the libvir-list
mailing list