diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index dbd12909f0b79db751f0d27402b9c4e6e1ee1c73..299dcc644b56c57af6910fff1d9ab93b57c1f9f8 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -799,34 +799,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
 return reload_profile(mgr, vm, fd_path, true);
 }
-static int
-AppArmorSetProcessFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
- int fd)
-{
- int rc = -1;
- char *proc = NULL;
- char *fd_path = NULL;
-
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-
- if (secdef->imagelabel == NULL)
- return 0;
-
- if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
- virReportOOMError();
- return rc;
- }
-
- if (virFileResolveLink(proc, &fd_path) < 0) {
- virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("could not find path for descriptor"));
- return rc;
- }
-
- return reload_profile(mgr, vm, fd_path, true);
-}
-
 virSecurityDriver virAppArmorSecurityDriver = {
 0,
 SECURITY_APPARMOR_NAME,
@@ -863,5 +835,4 @@ virSecurityDriver virAppArmorSecurityDriver = {
 AppArmorRestoreSavedStateLabel,
 AppArmorSetImageFDLabel,
- AppArmorSetProcessFDLabel,
 };
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index e5465fc0db05d11ad7ad86eaa2a3c33659d17f49..af02236121805f2eabd4a526c2f0c81bc401980c 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -697,14 +697,6 @@ virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 return 0;
 }
-static int
-virSecurityDACSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED,
- int fd ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
 virSecurityDriver virSecurityDriverDAC = {
 sizeof(virSecurityDACData),
@@ -743,5 +735,4 @@ virSecurityDriver virSecurityDriverDAC = {
 virSecurityDACRestoreSavedStateLabel,
 virSecurityDACSetImageFDLabel,
- virSecurityDACSetProcessFDLabel,
 };
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 94f27f81d7a169981a5df35dcdbe18af729b7886..aea90b024ee2255bf10ff4684ad050990b5b3552 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -84,9 +84,6 @@ typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
 virDomainObjPtr vm,
 int fd);
-typedef int (*virSecurityDomainSetProcessFDLabel) (virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
- int fd);
 struct _virSecurityDriver {
 size_t privateDataLen;
@@ -124,7 +121,6 @@ struct _virSecurityDriver {
 virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
 virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
- virSecurityDomainSetProcessFDLabel domainSetSecurityProcessFDLabel;
 };
 virSecurityDriverPtr virSecurityDriverLookup(const char *name);
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index b2fd0d043c495b50cfe342529e4d4c1491155abd..cae9b838c13baa8e993c919f73179624831d8af2 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -346,14 +346,3 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
 virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
 return -1;
 }
-
-int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
- int fd)
-{
- if (mgr->drv->domainSetSecurityProcessFDLabel)
- return mgr->drv->domainSetSecurityProcessFDLabel(mgr, vm, fd);
-
- virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
- return -1;
-}
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 38342c28148ea43b3a9682674b1d42ac965673fc..12cd49833edace92af7b40977eba94f94c85d652 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -96,8 +96,5 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
 int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
 virDomainObjPtr vm,
 int fd);
-int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
- int fd);
 #endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index cddbed51a162ef246a3049415a869c6968bb1a27..ca54f9be7f49428314fb34b43ed2e8929ffb96e8 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1321,19 +1321,6 @@ SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 return SELinuxFSetFilecon(fd, secdef->imagelabel);
 }
-static int
-SELinuxSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainObjPtr vm,
- int fd)
-{
- const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-
- if (secdef->label == NULL)
- return 0;
-
- return SELinuxFSetFilecon(fd, secdef->label);
-}
-
 virSecurityDriver virSecurityDriverSELinux = {
 0,
 SECURITY_SELINUX_NAME,
@@ -1370,5 +1357,4 @@ virSecurityDriver virSecurityDriverSELinux = {
 SELinuxRestoreSavedStateLabel,
 SELinuxSetImageFDLabel,
- SELinuxSetProcessFDLabel,
 };
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index f263f5bcef2f86560ac36c2c445a6a1d108cbee6..3f601c140fdd11cf188ee9f2a82ea00cfbcb0d18 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -402,23 +402,6 @@ virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
 }
-static int
-virSecurityStackSetProcessFDLabel(virSecurityManagerPtr mgr,
- virDomainObjPtr vm,
- int fd)
-{
- virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
- int rc = 0;
-
- if (virSecurityManagerSetProcessFDLabel(priv->secondary, vm, fd) < 0)
- rc = -1;
- if (virSecurityManagerSetProcessFDLabel(priv->primary, vm, fd) < 0)
- rc = -1;
-
- return rc;
-}
-
-
 virSecurityDriver virSecurityDriverStack = {
 sizeof(virSecurityStackData),
 "stack",
@@ -455,5 +438,4 @@ virSecurityDriver virSecurityDriverStack = {
 virSecurityStackRestoreSavedStateLabel,
 virSecurityStackSetImageFDLabel,
- virSecurityStackSetProcessFDLabel,
 };