security: Remove VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE

Nothing is setting that flag now so it can be removed. Note that
removing 'mgr' from 'load_profile' in the apparmor driver would create a
lot of churn.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2018-06-04 09:00:41 +02:00
parent 69d0d15632
commit 10bc2127c3
3 changed files with 3 additions and 15 deletions

View File

@ -170,7 +170,7 @@ profile_status_file(const char *str)
* load (add) a profile. Will create one if necessary * load (add) a profile. Will create one if necessary
*/ */
static int static int
load_profile(virSecurityManagerPtr mgr, load_profile(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
const char *profile, const char *profile,
virDomainDefPtr def, virDomainDefPtr def,
const char *fn, const char *fn,
@ -180,8 +180,6 @@ load_profile(virSecurityManagerPtr mgr,
bool create = true; bool create = true;
char *xml = NULL; char *xml = NULL;
virCommandPtr cmd = NULL; virCommandPtr cmd = NULL;
const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr)
? "1" : "0";
xml = virDomainDefFormat(def, NULL, VIR_DOMAIN_DEF_FORMAT_SECURE); xml = virDomainDefFormat(def, NULL, VIR_DOMAIN_DEF_FORMAT_SECURE);
if (!xml) if (!xml)
@ -190,7 +188,7 @@ load_profile(virSecurityManagerPtr mgr,
if (profile_status_file(profile) >= 0) if (profile_status_file(profile) >= 0)
create = false; create = false;
cmd = virCommandNewArgList(VIRT_AA_HELPER, "-p", probe, cmd = virCommandNewArgList(VIRT_AA_HELPER,
create ? "-c" : "-r", create ? "-c" : "-r",
"-u", profile, NULL); "-u", profile, NULL);
if (!create && fn) { if (!create && fn) {

View File

@ -365,13 +365,6 @@ virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr,
} }
bool
virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
{
return mgr->flags & VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE;
}
bool bool
virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr) virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr)
{ {

View File

@ -31,7 +31,6 @@ typedef struct _virSecurityManager virSecurityManager;
typedef virSecurityManager *virSecurityManagerPtr; typedef virSecurityManager *virSecurityManagerPtr;
typedef enum { typedef enum {
VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE = 1 << 0,
VIR_SECURITY_MANAGER_DEFAULT_CONFINED = 1 << 1, VIR_SECURITY_MANAGER_DEFAULT_CONFINED = 1 << 1,
VIR_SECURITY_MANAGER_REQUIRE_CONFINED = 1 << 2, VIR_SECURITY_MANAGER_REQUIRE_CONFINED = 1 << 2,
VIR_SECURITY_MANAGER_PRIVILEGED = 1 << 3, VIR_SECURITY_MANAGER_PRIVILEGED = 1 << 3,
@ -40,8 +39,7 @@ typedef enum {
} virSecurityManagerNewFlags; } virSecurityManagerNewFlags;
# define VIR_SECURITY_MANAGER_NEW_MASK \ # define VIR_SECURITY_MANAGER_NEW_MASK \
(VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE | \ (VIR_SECURITY_MANAGER_DEFAULT_CONFINED | \
VIR_SECURITY_MANAGER_DEFAULT_CONFINED | \
VIR_SECURITY_MANAGER_REQUIRE_CONFINED | \ VIR_SECURITY_MANAGER_REQUIRE_CONFINED | \
VIR_SECURITY_MANAGER_PRIVILEGED) VIR_SECURITY_MANAGER_PRIVILEGED)
@ -89,7 +87,6 @@ const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr); const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType); const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr); bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr); bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr); bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);