security: Remove VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE

Nothing is setting that flag now so it can be removed. Note that removing 'mgr' from 'load_profile' in the apparmor driver would create a lot of churn. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-12-22 13:45:38 +00:00 · 2018-06-04 09:00:41 +02:00 · 2018-06-04 09:00:41 +02:00 · 10bc2127c3
commit 10bc2127c3
parent 69d0d15632
3 changed files with 3 additions and 15 deletions
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@ -170,7 +170,7 @@ profile_status_file(const char *str)
 * load (add) a profile. Will create one if necessary
 */
 static int
-load_profile(virSecurityManagerPtr mgr,
+load_profile(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
             const char *profile,
             virDomainDefPtr def,
             const char *fn,
@ -180,8 +180,6 @@ load_profile(virSecurityManagerPtr mgr,
    bool create = true;
    char *xml = NULL;
    virCommandPtr cmd = NULL;
-    const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr)
-        ? "1" : "0";

    xml = virDomainDefFormat(def, NULL, VIR_DOMAIN_DEF_FORMAT_SECURE);
    if (!xml)
@ -190,7 +188,7 @@ load_profile(virSecurityManagerPtr mgr,
    if (profile_status_file(profile) >= 0)
        create = false;

-    cmd = virCommandNewArgList(VIRT_AA_HELPER, "-p", probe,
+    cmd = virCommandNewArgList(VIRT_AA_HELPER,
                               create ? "-c" : "-r",
                               "-u", profile, NULL);
    if (!create && fn) {
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@ -365,13 +365,6 @@ virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr,
 }


-bool
-virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
-{
-    return mgr->flags & VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE;
-}
-
-
 bool
 virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr)
 {
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@ -31,7 +31,6 @@ typedef struct _virSecurityManager virSecurityManager;
 typedef virSecurityManager *virSecurityManagerPtr;

 typedef enum {
-    VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE   = 1 << 0,
    VIR_SECURITY_MANAGER_DEFAULT_CONFINED   = 1 << 1,
    VIR_SECURITY_MANAGER_REQUIRE_CONFINED   = 1 << 2,
    VIR_SECURITY_MANAGER_PRIVILEGED         = 1 << 3,
@ -40,8 +39,7 @@ typedef enum {
 } virSecurityManagerNewFlags;

 # define VIR_SECURITY_MANAGER_NEW_MASK \
-    (VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE  | \
-     VIR_SECURITY_MANAGER_DEFAULT_CONFINED  | \
+    (VIR_SECURITY_MANAGER_DEFAULT_CONFINED  | \
     VIR_SECURITY_MANAGER_REQUIRE_CONFINED  | \
     VIR_SECURITY_MANAGER_PRIVILEGED)

@ -89,7 +87,6 @@ const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);

-bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);