security: Remove disk labeling functions and fix callers

Now that we have replacement in the form of the image labeling function we can drop the unnecessary functions by replacing all callers. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
2024-07-11 04:15:49 +00:00 · 2019-01-23 13:28:43 +01:00 · 2019-01-23 13:28:43 +01:00 · c938c35363
commit c938c35363
parent 787e4a3dc8
5 changed files with 5 additions and 71 deletions
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -1357,7 +1357,6 @@ virSecurityManagerReleaseLabel;
 virSecurityManagerReserveLabel;
 virSecurityManagerRestoreAllLabel;
 virSecurityManagerRestoreChardevLabel;
-virSecurityManagerRestoreDiskLabel;
 virSecurityManagerRestoreHostdevLabel;
 virSecurityManagerRestoreImageLabel;
 virSecurityManagerRestoreInputLabel;
@ -1368,7 +1367,6 @@ virSecurityManagerSetAllLabel;
 virSecurityManagerSetChardevLabel;
 virSecurityManagerSetChildProcessLabel;
 virSecurityManagerSetDaemonSocketLabel;
-virSecurityManagerSetDiskLabel;
 virSecurityManagerSetHostdevLabel;
 virSecurityManagerSetImageFDLabel;
 virSecurityManagerSetImageLabel;
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@ -1932,7 +1932,8 @@ static int virLXCControllerSetupDisk(virLXCControllerPtr ctrl,
    /* Labelling normally operates on src, but we need
     * to actually label the dst here, so hack the config */
    def->src->path = dst;
-    if (virSecurityManagerSetDiskLabel(securityDriver, ctrl->def, def) < 0)
+    if (virSecurityManagerSetImageLabel(securityDriver, ctrl->def, def->src,
+                                        VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0)
        goto cleanup;

    ret = 0;
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@ -3636,8 +3636,9 @@ lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
        virDomainDiskDefPtr def = data->def->data.disk;
        char *tmpsrc = def->src->path;
        def->src->path = data->file;
-        if (virSecurityManagerSetDiskLabel(data->driver->securityManager,
-                                           data->vm->def, def) < 0) {
+        if (virSecurityManagerSetImageLabel(data->driver->securityManager,
+                                            data->vm->def, def->src,
+                                            VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0) {
            def->src->path = tmpsrc;
            goto cleanup;
        }
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@ -402,36 +402,6 @@ virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr)
 }


-/**
- * virSecurityManagerRestoreDiskLabel:
- * @mgr: security manager object
- * @vm: domain definition object
- * @disk: disk definition to operate on
- *
- * Removes security label from the source image of the disk. Note that this
- * function doesn't restore labels on backing chain elements of @disk.
- *
- * Returns: 0 on success, -1 on error.
- */
-int
-virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
-                                   virDomainDefPtr vm,
-                                   virDomainDiskDefPtr disk)
-{
-    if (mgr->drv->domainRestoreSecurityImageLabel) {
-        int ret;
-        virObjectLock(mgr);
-        ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk->src,
-                                                        VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN);
-        virObjectUnlock(mgr);
-        return ret;
-    }
-
-    virReportUnsupportedError();
-    return -1;
-}
-
-
 /**
 * virSecurityManagerRestoreImageLabel:
 * @mgr: security manager object
@ -513,36 +483,6 @@ virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
 }


-/**
- * virSecurityManagerSetDiskLabel:
- * @mgr: security manager object
- * @vm: domain definition object
- * @disk: disk definition to operate on
- *
- * Labels the disk image and all images in the backing chain with the configured
- * security label.
- *
- * Returns: 0 on success, -1 on error.
- */
-int
-virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr,
-                               virDomainDefPtr vm,
-                               virDomainDiskDefPtr disk)
-{
-    if (mgr->drv->domainSetSecurityImageLabel) {
-        int ret;
-        virObjectLock(mgr);
-        ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk->src,
-                                                    VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN);
-        virObjectUnlock(mgr);
-        return ret;
-    }
-
-    virReportUnsupportedError();
-    return -1;
-}
-
-
 /**
 * virSecurityManagerSetImageLabel:
 * @mgr: security manager object
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@ -90,18 +90,12 @@ bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);

-int virSecurityManagerRestoreDiskLabel(virSecurityManagerPtr mgr,
-                                       virDomainDefPtr def,
-                                       virDomainDiskDefPtr disk);
 int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
                                           virDomainDefPtr vm);
 int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
                                     virDomainDefPtr def);
 int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
                                       virDomainDefPtr def);
-int virSecurityManagerSetDiskLabel(virSecurityManagerPtr mgr,
-                                   virDomainDefPtr def,
-                                   virDomainDiskDefPtr disk);
 int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
                                          virDomainDefPtr def,
                                          virDomainHostdevDefPtr dev,