[libvirt PATCH 3/3] lxc: drop compat code for capability constants

Daniel P. Berrangé berrange at redhat.com
Wed Jun 17 15:51:53 UTC 2020 

Given our supported platform matrix, we can safely assume that
all the capability constants we need are defined by the system
headers.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 src/lxc/lxc_container.c | 114 ----------------------------------------
 1 file changed, 114 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 36dee51168..c22b7b0709 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1697,120 +1697,6 @@ static int lxcContainerResolveAllSymlinks(virDomainDefPtr vmDef)
  */
 #if WITH_CAPNG
 
-/* Define capabilities to -1 if those aren't defined in the kernel:
- * this will help us ignore them. */
-# ifndef CAP_AUDIT_CONTROL
-#  define CAP_AUDIT_CONTROL -1
-# endif
-# ifndef CAP_AUDIT_WRITE
-#  define CAP_AUDIT_WRITE -1
-# endif
-# ifndef CAP_BLOCK_SUSPEND
-#  define CAP_BLOCK_SUSPEND -1
-# endif
-# ifndef CAP_CHOWN
-#  define CAP_CHOWN -1
-# endif
-# ifndef CAP_DAC_OVERRIDE
-#  define CAP_DAC_OVERRIDE -1
-# endif
-# ifndef CAP_DAC_READ_SEARCH
-#  define CAP_DAC_READ_SEARCH -1
-# endif
-# ifndef CAP_FOWNER
-#  define CAP_FOWNER -1
-# endif
-# ifndef CAP_FSETID
-#  define CAP_FSETID -1
-# endif
-# ifndef CAP_IPC_LOCK
-#  define CAP_IPC_LOCK -1
-# endif
-# ifndef CAP_IPC_OWNER
-#  define CAP_IPC_OWNER -1
-# endif
-# ifndef CAP_KILL
-#  define CAP_KILL -1
-# endif
-# ifndef CAP_LEASE
-#  define CAP_LEASE -1
-# endif
-# ifndef CAP_LINUX_IMMUTABLE
-#  define CAP_LINUX_IMMUTABLE -1
-# endif
-# ifndef CAP_MAC_ADMIN
-#  define CAP_MAC_ADMIN -1
-# endif
-# ifndef CAP_MAC_OVERRIDE
-#  define CAP_MAC_OVERRIDE -1
-# endif
-# ifndef CAP_MKNOD
-#  define CAP_MKNOD -1
-# endif
-# ifndef CAP_NET_ADMIN
-#  define CAP_NET_ADMIN -1
-# endif
-# ifndef CAP_NET_BIND_SERVICE
-#  define CAP_NET_BIND_SERVICE -1
-# endif
-# ifndef CAP_NET_BROADCAST
-#  define CAP_NET_BROADCAST -1
-# endif
-# ifndef CAP_NET_RAW
-#  define CAP_NET_RAW -1
-# endif
-# ifndef CAP_SETGID
-#  define CAP_SETGID -1
-# endif
-# ifndef CAP_SETFCAP
-#  define CAP_SETFCAP -1
-# endif
-# ifndef CAP_SETPCAP
-#  define CAP_SETPCAP -1
-# endif
-# ifndef CAP_SETUID
-#  define CAP_SETUID -1
-# endif
-# ifndef CAP_SYS_ADMIN
-#  define CAP_SYS_ADMIN -1
-# endif
-# ifndef CAP_SYS_BOOT
-#  define CAP_SYS_BOOT -1
-# endif
-# ifndef CAP_SYS_CHROOT
-#  define CAP_SYS_CHROOT -1
-# endif
-# ifndef CAP_SYS_MODULE
-#  define CAP_SYS_MODULE -1
-# endif
-# ifndef CAP_SYS_NICE
-#  define CAP_SYS_NICE -1
-# endif
-# ifndef CAP_SYS_PACCT
-#  define CAP_SYS_PACCT -1
-# endif
-# ifndef CAP_SYS_PTRACE
-#  define CAP_SYS_PTRACE -1
-# endif
-# ifndef CAP_SYS_RAWIO
-#  define CAP_SYS_RAWIO -1
-# endif
-# ifndef CAP_SYS_RESOURCE
-#  define CAP_SYS_RESOURCE -1
-# endif
-# ifndef CAP_SYS_TIME
-#  define CAP_SYS_TIME -1
-# endif
-# ifndef CAP_SYS_TTY_CONFIG
-#  define CAP_SYS_TTY_CONFIG -1
-# endif
-# ifndef CAP_SYSLOG
-#  define CAP_SYSLOG -1
-# endif
-# ifndef CAP_WAKE_ALARM
-#  define CAP_WAKE_ALARM -1
-# endif
-
 static int lxcContainerDropCapabilities(virDomainDefPtr def,
                                         bool keepReboot)
 {
-- 
2.24.1

More information about the libvir-list mailing list