Remove use of virConnectPtr from security driver APIs

The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match

Remove use of virConnectPtr from security driver APIs
The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
d6126f76 · Daniel P. Berrange · 65842bf6 · d6126f76 · d6126f76 · d6126f76
7 changed file
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -118,8 +118,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
                              const char *migrateFrom,
                              int stdin_fd);
-static void qemudShutdownVMDaemon(virConnectPtr conn,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
-                                  struct qemud_driver *driver,
                                  virDomainObjPtr vm);
 static int qemudDomainGetMaxVcpus(virDomainPtr dom);
@@ -681,7 +680,7 @@ qemuHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
                                     VIR_DOMAIN_EVENT_STOPPED_FAILED :
                                     VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
-    qemudShutdownVMDaemon(NULL, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
    if (!vm->persistent)
        virDomainRemoveInactive(&driver->domains, vm);
    else
@@ -865,7 +864,7 @@ qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaq
    if (driver->securityDriver &&
        driver->securityDriver->domainReserveSecurityLabel &&
-        driver->securityDriver->domainReserveSecurityLabel(NULL, obj) < 0)
+        driver->securityDriver->domainReserveSecurityLabel(obj) < 0)
        goto error;
    if (obj->def->id >= driver->nextvmid)
@@ -878,7 +877,7 @@ error:
    /* We can't get the monitor back, so must kill the VM
     * to remove danger of it ending up running twice if
     * user tries to start it again later */
-    qemudShutdownVMDaemon(NULL, driver, obj);
+    qemudShutdownVMDaemon(driver, obj);
    if (!obj->persistent)
        virDomainRemoveInactive(&driver->domains, obj);
    else
@@ -2468,7 +2467,7 @@ static int qemudSecurityHook(void *data) {
    if (h->driver->securityDriver &&
        h->driver->securityDriver->domainSetSecurityProcessLabel &&
-        h->driver->securityDriver->domainSetSecurityProcessLabel(h->conn, h->driver->securityDriver, h->vm) < 0)
+        h->driver->securityDriver->domainSetSecurityProcessLabel(h->driver->securityDriver, h->vm) < 0)
        return -1;
    return 0;
@@ -2536,12 +2535,12 @@ static int qemudStartVMDaemon(virConnectPtr conn,
       then generate a security label for isolation */
    if (driver->securityDriver &&
        driver->securityDriver->domainGenSecurityLabel &&
-        driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0)
+        driver->securityDriver->domainGenSecurityLabel(vm) < 0)
        return -1;
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityAllLabel &&
-        driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+        driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
        goto cleanup;
    /* Ensure no historical cgroup for this VM is lieing around bogus settings */
@@ -2767,10 +2766,10 @@ cleanup:
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityAllLabel)
-        driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+        driver->securityDriver->domainRestoreSecurityAllLabel(vm);
    if (driver->securityDriver &&
        driver->securityDriver->domainReleaseSecurityLabel)
-        driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+        driver->securityDriver->domainReleaseSecurityLabel(vm);
    qemuRemoveCgroup(driver, vm, 0);
    if ((vm->def->ngraphics == 1) &&
        vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
@@ -2784,7 +2783,7 @@ cleanup:
 abort:
    /* We jump here if we failed to initialize the now running VM
     * killing it off and pretend we never started it */
-    qemudShutdownVMDaemon(conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
    if (logfile != -1)
        close(logfile);
@@ -2793,8 +2792,7 @@ abort:
 }
-static void qemudShutdownVMDaemon(virConnectPtr conn,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
-                                  struct qemud_driver *driver,
                                  virDomainObjPtr vm) {
    int ret;
    int retries = 0;
@@ -2851,10 +2849,10 @@ static void qemudShutdownVMDaemon(virConnectPtr conn,
    /* Reset Security Labels */
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityAllLabel)
-        driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+        driver->securityDriver->domainRestoreSecurityAllLabel(vm);
    if (driver->securityDriver &&
        driver->securityDriver->domainReleaseSecurityLabel)
-        driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+        driver->securityDriver->domainReleaseSecurityLabel(vm);
    /* Clear out dynamically assigned labels */
    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
@@ -3306,7 +3304,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
                                        VIR_DOMAIN_XML_INACTIVE)))
        goto cleanup;
-    if (virSecurityDriverVerify(conn, def) < 0)
+    if (virSecurityDriverVerify(def) < 0)
        goto cleanup;
    if (virDomainObjIsDuplicate(&driver->domains, def, 1) < 0)
@@ -3535,7 +3533,7 @@ static int qemudDomainDestroy(virDomainPtr dom) {
        goto endjob;
    }
-    qemudShutdownVMDaemon(dom->conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
    event = virDomainEventNewFromObj(vm,
                                     VIR_DOMAIN_EVENT_STOPPED,
                                     VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
@@ -3911,7 +3909,7 @@ static int qemudDomainSave(virDomainPtr dom,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSavedStateLabel &&
-        driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
        goto endjob;
    if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
@@ -3938,13 +3936,13 @@ static int qemudDomainSave(virDomainPtr dom,
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSavedStateLabel &&
-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
        goto endjob;
    ret = 0;
    /* Shut it down */
-    qemudShutdownVMDaemon(dom->conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
    event = virDomainEventNewFromObj(vm,
                                     VIR_DOMAIN_EVENT_STOPPED,
                                     VIR_DOMAIN_EVENT_STOPPED_SAVED);
@@ -4025,7 +4023,7 @@ static int qemudDomainCoreDump(virDomainPtr dom,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSavedStateLabel &&
-        driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
        goto endjob;
    /* Migrate will always stop the VM, so the resume condition is
@@ -4052,12 +4050,12 @@ static int qemudDomainCoreDump(virDomainPtr dom,
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSavedStateLabel &&
-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
        goto endjob;
 endjob:
    if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
-        qemudShutdownVMDaemon(dom->conn, driver, vm);
+        qemudShutdownVMDaemon(driver, vm);
        event = virDomainEventNewFromObj(vm,
                                         VIR_DOMAIN_EVENT_STOPPED,
                                         VIR_DOMAIN_EVENT_STOPPED_CRASHED);
@@ -4388,7 +4386,7 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
     */
    if (virDomainObjIsActive(vm)) {
        if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) {
-            if (driver->securityDriver->domainGetSecurityProcessLabel(dom->conn, vm, seclabel) == -1) {
+            if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) {
                qemuReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("Failed to get security label"));
                goto cleanup;
@@ -5000,7 +4998,7 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
                                        VIR_DOMAIN_XML_INACTIVE)))
        goto cleanup;
-    if (virSecurityDriverVerify(conn, def) < 0)
+    if (virSecurityDriverVerify(def) < 0)
        goto cleanup;
    if ((dupVM = virDomainObjIsDuplicate(&driver->domains, def, 0)) < 0)
@@ -5095,8 +5093,7 @@ cleanup:
 }
-static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
+static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver,
-                                           struct qemud_driver *driver,
                                           virDomainObjPtr vm,
                                           virDomainDiskDefPtr disk)
 {
@@ -5137,7 +5134,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
        return -1;
    qemuDomainObjPrivatePtr priv = vm->privateData;
@@ -5163,7 +5160,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, origdisk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0)
        VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
    VIR_FREE(origdisk->src);
@@ -5178,7 +5175,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
 error:
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
        VIR_WARN("Unable to restore security label on new media %s", disk->src);
    return -1;
 }
@@ -5205,7 +5202,7 @@ static int qemudDomainAttachPciDiskDevice(struct qemud_driver *driver,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
        return -1;
    if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
@@ -5266,7 +5263,7 @@ error:
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
        VIR_WARN("Unable to restore security label on %s", disk->src);
    return -1;
@@ -5398,7 +5395,7 @@ static int qemudDomainAttachSCSIDisk(struct qemud_driver *driver,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
        return -1;
    /* We should have an address already, so make sure */
@@ -5475,7 +5472,7 @@ error:
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
        VIR_WARN("Unable to restore security label on %s", disk->src);
    return -1;
@@ -5502,7 +5499,7 @@ static int qemudDomainAttachUsbMassstorageDevice(struct qemud_driver *driver,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
        return -1;
    if (!disk->src) {
@@ -5554,7 +5551,7 @@ error:
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
        VIR_WARN("Unable to restore security label on %s", disk->src);
    return -1;
@@ -5825,8 +5822,7 @@ error:
 }
-static int qemudDomainAttachHostDevice(virConnectPtr conn,
+static int qemudDomainAttachHostDevice(struct qemud_driver *driver,
-                                       struct qemud_driver *driver,
                                       virDomainObjPtr vm,
                                       virDomainHostdevDefPtr hostdev,
                                       int qemuCmdFlags)
@@ -5840,7 +5836,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
    if (driver->securityDriver &&
        driver->securityDriver->domainSetSecurityHostdevLabel &&
-        driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, hostdev) < 0)
+        driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0)
        return -1;
    switch (hostdev->source.subsys.type) {
@@ -5868,7 +5864,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
 error:
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securityDriver->domainRestoreSecurityHostdevLabel(conn, vm, hostdev) < 0)
+        driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0)
        VIR_WARN0("Unable to restore host device labelling on hotplug fail");
    return -1;
@@ -5936,7 +5932,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
        switch (dev->data.disk->device) {
        case VIR_DOMAIN_DISK_DEVICE_CDROM:
        case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
-            ret = qemudDomainChangeEjectableMedia(dom->conn, driver, vm, dev->data.disk);
+            ret = qemudDomainChangeEjectableMedia(driver, vm, dev->data.disk);
            if (ret == 0)
                dev->data.disk = NULL;
            break;
@@ -5991,7 +5987,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
        if (ret == 0)
            dev->data.net = NULL;
    } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
-        ret = qemudDomainAttachHostDevice(dom->conn, driver, vm,
+        ret = qemudDomainAttachHostDevice(driver, vm,
                                          dev->data.hostdev, qemuCmdFlags);
        if (ret == 0)
            dev->data.hostdev = NULL;
@@ -6085,7 +6081,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, dev->data.disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
        VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
    ret = 0;
@@ -6357,7 +6353,7 @@ static int qemudDomainDetachHostDevice(struct qemud_driver *driver,
    if (driver->securityDriver &&
        driver->securityDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securityDriver->domainRestoreSecurityHostdevLabel(NULL, vm, dev->data.hostdev) < 0)
+        driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0)
        VIR_WARN0("Failed to restore host device labelling");
    return ret;
@@ -7506,7 +7502,7 @@ qemudDomainMigratePrepareTunnel(virConnectPtr dconn,
    qemust = qemuStreamMigOpen(st, unixfile);
    if (qemust == NULL) {
-        qemudShutdownVMDaemon(NULL, driver, vm);
+        qemudShutdownVMDaemon(driver, vm);
        if (!vm->persistent) {
            if (qemuDomainObjEndJob(vm) > 0)
                virDomainRemoveInactive(&driver->domains, vm);
@@ -8193,7 +8189,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
    }
    /* Clean up the source domain. */
-    qemudShutdownVMDaemon (dom->conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
    paused = 0;
    event = virDomainEventNewFromObj(vm,
@@ -8336,7 +8332,7 @@ qemudDomainMigrateFinish2 (virConnectPtr dconn,
        }
        virDomainSaveStatus(driver->caps, driver->stateDir, vm);
    } else {
-        qemudShutdownVMDaemon (dconn, driver, vm);
+        qemudShutdownVMDaemon(driver, vm);
        event = virDomainEventNewFromObj(vm,
                                         VIR_DOMAIN_EVENT_STOPPED,
                                         VIR_DOMAIN_EVENT_STOPPED_FAILED);

--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -105,8 +105,7 @@ err:
 static int
-qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                     virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                     virDomainDiskDefPtr disk)
 {
@@ -149,8 +148,7 @@ qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-qemuSecurityDACRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                         virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                         virDomainDiskDefPtr disk)
 {
    if (!driver->privileged || !driver->dynamicOwnership)
@@ -195,8 +193,7 @@ qemuSecurityDACSetSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
+qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm,
-                                       virDomainObjPtr vm,
                                       virDomainHostdevDefPtr dev)
 {
@@ -218,7 +215,7 @@ qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
        if (!usb)
            goto done;
-        ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
+        ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
        usbFreeDevice(usb);
        break;
    }
@@ -232,7 +229,7 @@ qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
        if (!pci)
            goto done;
-        ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACSetSecurityPCILabel, vm);
+        ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACSetSecurityPCILabel, vm);
        pciFreeDevice(pci);
        break;
@@ -269,8 +266,7 @@ qemuSecurityDACRestoreSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
+qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                           virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                           virDomainHostdevDefPtr dev)
 {
@@ -292,7 +288,7 @@ qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
        if (!usb)
            goto done;
-        ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
+        ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
        usbFreeDevice(usb);
        break;
@@ -307,7 +303,7 @@ qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
        if (!pci)
            goto done;
-        ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
+        ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
        pciFreeDevice(pci);
        break;
@@ -324,8 +320,7 @@ done:
 static int
-qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
+qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
-                                       virDomainObjPtr vm)
 {
    int i;
    int rc = 0;
@@ -336,12 +331,12 @@ qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
    VIR_DEBUG("Restoring security label on %s", vm->def->name);
    for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (qemuSecurityDACRestoreSecurityHostdevLabel(conn, vm,
+        if (qemuSecurityDACRestoreSecurityHostdevLabel(vm,
                                                       vm->def->hostdevs[i]) < 0)
            rc = -1;
    }
    for (i = 0 ; i < vm->def->ndisks ; i++) {
-        if (qemuSecurityDACRestoreSecurityImageLabel(conn, vm,
+        if (qemuSecurityDACRestoreSecurityImageLabel(vm,
                                                     vm->def->disks[i]) < 0)
            rc = -1;
    }
@@ -350,8 +345,7 @@ qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
 static int
-qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
-                                   virDomainObjPtr vm)
 {
    int i;
@@ -362,11 +356,11 @@ qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
        /* XXX fixme - we need to recursively label the entriy tree :-( */
        if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
            continue;
-        if (qemuSecurityDACSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+        if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
            return -1;
    }
    for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (qemuSecurityDACSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+        if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
            return -1;
    }
@@ -375,8 +369,7 @@ qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
 static int
-qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                  virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                  const char *savefile)
 {
    if (!driver->privileged || !driver->dynamicOwnership)
@@ -387,8 +380,7 @@ qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                      virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                      const char *savefile)
 {
    if (!driver->privileged || !driver->dynamicOwnership)
@@ -399,8 +391,7 @@ qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-qemuSecurityDACSetProcessLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+qemuSecurityDACSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
-                               virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
                               virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
    DEBUG("Dropping privileges of VM to %d:%d", driver->user, driver->group);

--- a/src/qemu/qemu_security_stacked.c
+++ b/src/qemu/qemu_security_stacked.c
@@ -38,19 +38,18 @@ void qemuSecurityStackedSetDriver(struct qemud_driver *newdriver)
 static int
-qemuSecurityStackedVerify(virConnectPtr conn,
+qemuSecurityStackedVerify(virDomainDefPtr def)
-                          virDomainDefPtr def)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainSecurityVerify &&
-        driver->securitySecondaryDriver->domainSecurityVerify(conn, def) < 0)
+        driver->securitySecondaryDriver->domainSecurityVerify(def) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainSecurityVerify &&
-        driver->securityPrimaryDriver->domainSecurityVerify(conn, def) < 0)
+        driver->securityPrimaryDriver->domainSecurityVerify(def) < 0)
        rc = -1;
    return rc;
@@ -58,19 +57,18 @@ qemuSecurityStackedVerify(virConnectPtr conn,
 static int
-qemuSecurityStackedGenLabel(virConnectPtr conn,
+qemuSecurityStackedGenLabel(virDomainObjPtr vm)
-                            virDomainObjPtr vm)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainGenSecurityLabel &&
-        driver->securitySecondaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainGenSecurityLabel &&
-        driver->securityPrimaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0)
        rc = -1;
    return rc;
@@ -78,19 +76,18 @@ qemuSecurityStackedGenLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedReleaseLabel(virConnectPtr conn,
+qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
-                                virDomainObjPtr vm)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
-        driver->securitySecondaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
-        driver->securityPrimaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0)
        rc = -1;
    return rc;
@@ -98,19 +95,18 @@ qemuSecurityStackedReleaseLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedReserveLabel(virConnectPtr conn,
+qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
-                                virDomainObjPtr vm)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainReserveSecurityLabel &&
-        driver->securitySecondaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainReserveSecurityLabel &&
-        driver->securityPrimaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0)
        rc = -1;
    return rc;
@@ -118,20 +114,19 @@ qemuSecurityStackedReserveLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
+qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
-                                         virDomainObjPtr vm,
                                         virDomainDiskDefPtr disk)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
        rc = -1;
    return rc;
@@ -139,20 +134,19 @@ qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
+qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
-                                             virDomainObjPtr vm,
                                             virDomainDiskDefPtr disk)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
-        driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
-        driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
        rc = -1;
    return rc;
@@ -160,8 +154,7 @@ qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
+qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
-                                           virDomainObjPtr vm,
                                           virDomainHostdevDefPtr dev)
 {
@@ -169,12 +162,12 @@ qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
        rc = -1;
    return rc;
@@ -182,8 +175,7 @@ qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
+qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
-                                               virDomainObjPtr vm,
                                               virDomainHostdevDefPtr dev)
 {
@@ -191,12 +183,12 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
        rc = -1;
    return rc;
@@ -204,19 +196,18 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
-                                       virDomainObjPtr vm)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
        rc = -1;
    return rc;
@@ -224,19 +215,18 @@ qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
+qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm)
-                                           virDomainObjPtr vm)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
-        driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
-        driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
        rc = -1;
    return rc;
@@ -244,20 +234,19 @@ qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
+qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
-                                      virDomainObjPtr vm,
                                      const char *savefile)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainSetSavedStateLabel &&
-        driver->securitySecondaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainSetSavedStateLabel &&
-        driver->securityPrimaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
        rc = -1;
    return rc;
@@ -265,20 +254,19 @@ qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
+qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm,
-                                          virDomainObjPtr vm,
                                          const char *savefile)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
-        driver->securitySecondaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
-        driver->securityPrimaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
        rc = -1;
    return rc;
@@ -286,23 +274,20 @@ qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
 static int
-qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
+qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
-                                   virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
                                   virDomainObjPtr vm)
 {
    int rc = 0;
    if (driver->securitySecondaryDriver &&
        driver->securitySecondaryDriver->domainSetSecurityProcessLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityProcessLabel(conn,
+        driver->securitySecondaryDriver->domainSetSecurityProcessLabel(driver->securitySecondaryDriver,
-                                                                       driver->securitySecondaryDriver,
                                                                       vm) < 0)
        rc = -1;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainSetSecurityProcessLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityProcessLabel(conn,
+        driver->securityPrimaryDriver->domainSetSecurityProcessLabel(driver->securityPrimaryDriver,
-                                                                     driver->securityPrimaryDriver,
                                                                     vm) < 0)
        rc = -1;
@@ -310,16 +295,14 @@ qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
 }
 static int
-qemuSecurityStackedGetProcessLabel(virConnectPtr conn,
+qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm,
-                                   virDomainObjPtr vm,
                                   virSecurityLabelPtr seclabel)
 {
    int rc = 0;
    if (driver->securityPrimaryDriver &&
        driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
-        driver->securityPrimaryDriver->domainGetSecurityProcessLabel(conn,
+        driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm,
-                                                                     vm,
                                                                     seclabel) < 0)
        rc = -1;

--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -148,7 +148,7 @@ profile_status_file(const char *str)
 * load (add) a profile. Will create one if necessary
 */
 static int
-load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
+load_profile(const char *profile, virDomainObjPtr vm,
             virDomainDiskDefPtr disk)
 {
    int rc = -1, status, ret;
@@ -162,7 +162,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
        return rc;
    }
-    xml = virDomainDefFormat(conn, vm->def, VIR_DOMAIN_XML_SECURE);
+    xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE);
    if (!xml)
        goto clean;
@@ -204,7 +204,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
        if (errno == EINTR)
            goto rewait;
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("Unexpected exit status from virt-aa-helper "
                               "%d pid %lu"),
                               WEXITSTATUS(status), (unsigned long)child);
@@ -311,9 +311,9 @@ AppArmorSecurityDriverProbe(void)
 * currently not used.
 */
 static int
-AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
 {
-    virSecurityDriverSetDOI(conn, drv, SECURITY_APPARMOR_VOID_DOI);
+    virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
    return 0;
 }
@@ -323,7 +323,7 @@ AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
 * called on shutdown.
 */
 static int
-AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorGenSecurityLabel(virDomainObjPtr vm)
 {
    int rc = -1;
    char *profile_name = NULL;
@@ -333,7 +333,7 @@ AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
    if ((vm->def->seclabel.label) ||
        (vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s",
                               _("security label already defined for VM"));
        return rc;
@@ -377,15 +377,15 @@ AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
 }
 static int
-AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorSetSecurityAllLabel(virDomainObjPtr vm)
 {
    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
        return 0;
    /* if the profile is not already loaded, then load one */
    if (profile_loaded(vm->def->seclabel.label) < 0) {
-        if (load_profile(conn, vm->def->seclabel.label, vm, NULL) < 0) {
+        if (load_profile(vm->def->seclabel.label, vm, NULL) < 0) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("cannot generate AppArmor profile "
                                   "\'%s\'"), vm->def->seclabel.label);
            return -1;
@@ -399,8 +399,7 @@ AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
 * running.
 */
 static int
-AppArmorGetSecurityProcessLabel(virConnectPtr conn,
+AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
-                                virDomainObjPtr vm, virSecurityLabelPtr sec)
 {
    int rc = -1;
    char *profile_name = NULL;
@@ -410,13 +409,13 @@ AppArmorGetSecurityProcessLabel(virConnectPtr conn,
    if (virStrcpy(sec->label, profile_name,
        VIR_SECURITY_LABEL_BUFLEN) == NULL) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("error copying profile name"));
        goto clean;
    }
    if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("error calling profile_status()"));
        goto clean;
    }
@@ -432,7 +431,7 @@ AppArmorGetSecurityProcessLabel(virConnectPtr conn,
 * more details. Currently called via qemudShutdownVMDaemon.
 */
 static int
-AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPtr vm)
+AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -445,14 +444,14 @@ AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPt
 static int
-AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
    int rc = 0;
    if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
        if ((rc = remove_profile(secdef->label)) != 0) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("could not remove profile for \'%s\'"),
                                   secdef->label);
        }
@@ -464,8 +463,7 @@ AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
 * LOCAL_STATE_DIR/log/libvirt/qemu/<vm name>.log
 */
 static int
-AppArmorSetSecurityProcessLabel(virConnectPtr conn,
+AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm)
-                                virSecurityDriverPtr drv, virDomainObjPtr vm)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
    int rc = -1;
@@ -475,7 +473,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
        return rc;
    if (STRNEQ(drv->name, secdef->model)) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("security label driver mismatch: "
                               "\'%s\' model configured for domain, but "
                               "hypervisor driver is \'%s\'."),
@@ -485,7 +483,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
    }
    if (aa_change_profile(profile_name) < 0) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("error calling aa_change_profile()"));
        goto clean;
    }
@@ -500,8 +498,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
 /* Called when hotplugging */
 static int
-AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
+AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm,
-                                  virDomainObjPtr vm,
                                  virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -516,8 +513,8 @@ AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
    /* Update the profile only if it is loaded */
    if (profile_loaded(secdef->imagelabel) >= 0) {
-        if (load_profile(conn, secdef->imagelabel, vm, NULL) < 0) {
+        if (load_profile(secdef->imagelabel, vm, NULL) < 0) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("cannot update AppArmor profile "
                                     "\'%s\'"),
                                   secdef->imagelabel);
@@ -534,8 +531,7 @@ AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
 /* Called when hotplugging */
 static int
-AppArmorSetSecurityImageLabel(virConnectPtr conn,
+AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
-                              virDomainObjPtr vm, virDomainDiskDefPtr disk)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
    int rc = -1;
@@ -550,7 +546,7 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
    if (secdef->imagelabel) {
        /* if the device doesn't exist, error out */
        if (!virFileExists(disk->src)) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("\'%s\' does not exist"), disk->src);
            return rc;
        }
@@ -560,8 +556,8 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
        /* update the profile only if it is loaded */
        if (profile_loaded(secdef->imagelabel) >= 0) {
-            if (load_profile(conn, secdef->imagelabel, vm, disk) < 0) {
+            if (load_profile(secdef->imagelabel, vm, disk) < 0) {
-                virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+                virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                     _("cannot update AppArmor profile "
                                     "\'%s\'"),
                                     secdef->imagelabel);
@@ -578,13 +574,13 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
 }
 static int
-AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+AppArmorSecurityVerify(virDomainDefPtr def)
 {
    const virSecurityLabelDefPtr secdef = &def->seclabel;
    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
        if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
-            virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+            virSecurityReportError(VIR_ERR_XML_ERROR,
                                   _("Invalid security label \'%s\'"),
                                   secdef->label);
            return -1;
@@ -594,16 +590,14 @@ AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
 }
 static int
-AppArmorReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED)
-                            virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
    /* NOOP. Nothing to reserve with AppArmor */
    return 0;
 }
 static int
-AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
-                                virDomainObjPtr vm,
                                virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
 {
@@ -617,8 +611,7 @@ AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 static int
-AppArmorRestoreSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
-                                    virDomainObjPtr vm,
                                    virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
 {

--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -35,7 +35,7 @@ static virSecurityDriverPtr security_drivers[] = {
 };
 int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
+virSecurityDriverVerify(virDomainDefPtr def)
 {
    unsigned int i;
    const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -46,10 +46,10 @@ virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
    for (i = 0; security_drivers[i] != NULL ; i++) {
        if (STREQ(security_drivers[i]->name, secdef->model)) {
-            return security_drivers[i]->domainSecurityVerify(conn, def);
+            return security_drivers[i]->domainSecurityVerify(def);
        }
    }
-    virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+    virSecurityReportError(VIR_ERR_XML_ERROR,
                           _("invalid security model '%s'"), secdef->model);
    return -1;
 }
@@ -72,7 +72,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
        switch (tmp->probe()) {
        case SECURITY_DRIVER_ENABLE:
            virSecurityDriverInit(tmp);
-            if (tmp->open(NULL, tmp) == -1) {
+            if (tmp->open(tmp) == -1) {
                return -1;
            } else {
                *drv = tmp;
@@ -91,7 +91,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
 }
 void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
+virSecurityReportError(int code, const char *fmt, ...)
 {
    va_list args;
    char errorMessage[1024];
@@ -103,7 +103,7 @@ virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
    } else
        errorMessage[0] = '\0';
-    virRaiseError(conn, NULL, NULL, VIR_FROM_SECURITY, code,
+    virRaiseError(NULL, NULL, NULL, VIR_FROM_SECURITY, code,
                  VIR_ERR_ERROR, NULL, NULL, NULL, -1, -1, "%s",
                  errorMessage);
 }
@@ -118,12 +118,11 @@ virSecurityDriverInit(virSecurityDriverPtr drv)
 }
 int
-virSecurityDriverSetDOI(virConnectPtr conn,
+virSecurityDriverSetDOI(virSecurityDriverPtr drv,
-                        virSecurityDriverPtr drv,
                        const char *doi)
 {
    if (strlen(doi) >= VIR_SECURITY_DOI_BUFLEN) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("%s: DOI \'%s\' is "
                               "longer than the maximum allowed length of %d"),
                               __func__, doi, VIR_SECURITY_DOI_BUFLEN - 1);

--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -29,44 +29,29 @@ typedef enum {
 typedef struct _virSecurityDriver virSecurityDriver;
 typedef virSecurityDriver *virSecurityDriverPtr;
 typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
-                                      virSecurityDriverPtr drv);
+typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm,
-typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
-                                                   virDomainObjPtr vm,
                                                   virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm,
-                                               virDomainObjPtr vm,
                                               virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm,
-                                                     virDomainObjPtr vm,
                                                     virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm,
-                                                 virDomainObjPtr vm,
                                                 virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm,
-                                                    virDomainObjPtr vm,
                                                    const char *savefile);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm,
-                                                        virDomainObjPtr vm,
                                                        const char *savefile);
-typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
-                                          virDomainObjPtr sec);
+typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
-                                              virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainReleaseLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
-                                              virDomainObjPtr sec);
+typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
-typedef int (*virSecurityDomainSetAllLabel) (virConnectPtr conn,
-                                             virDomainObjPtr sec);
-typedef int (*virSecurityDomainRestoreAllLabel) (virConnectPtr conn,
-                                                 virDomainObjPtr vm);
-typedef int (*virSecurityDomainGetProcessLabel) (virConnectPtr conn,
-                                                 virDomainObjPtr vm,
                                                 virSecurityLabelPtr sec);
-typedef int (*virSecurityDomainSetProcessLabel) (virConnectPtr conn,
+typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
-                                                 virSecurityDriverPtr drv,
                                                 virDomainObjPtr vm);
-typedef int (*virSecurityDomainSecurityVerify) (virConnectPtr conn,
+typedef int (*virSecurityDomainSecurityVerify) (virDomainDefPtr def);
-                                                virDomainDefPtr def);
 struct _virSecurityDriver {
    const char *name;
@@ -101,16 +86,15 @@ int virSecurityDriverStartup(virSecurityDriverPtr *drv,
                             const char *name);
 int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def);
+virSecurityDriverVerify(virDomainDefPtr def);
 void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
+virSecurityReportError(int code, const char *fmt, ...)
-    ATTRIBUTE_FMT_PRINTF(3, 4);
+    ATTRIBUTE_FMT_PRINTF(2, 3);
 /* Helpers */
 void virSecurityDriverInit(virSecurityDriverPtr drv);
-int virSecurityDriverSetDOI(virConnectPtr conn,
+int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
-                            virSecurityDriverPtr drv,
                            const char *doi);
 const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
 const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);

--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -156,8 +156,7 @@ SELinuxInitialize(void)
 }
 static int
-SELinuxGenSecurityLabel(virConnectPtr conn,
+SELinuxGenSecurityLabel(virDomainObjPtr vm)
-                        virDomainObjPtr vm)
 {
    int rc = -1;
    char mcs[1024];
@@ -171,7 +170,7 @@ SELinuxGenSecurityLabel(virConnectPtr conn,
    if (vm->def->seclabel.label ||
        vm->def->seclabel.model ||
        vm->def->seclabel.imagelabel) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               "%s", _("security label already defined for VM"));
        return rc;
    }
@@ -192,13 +191,13 @@ SELinuxGenSecurityLabel(virConnectPtr conn,
    vm->def->seclabel.label = SELinuxGenNewContext(default_domain_context, mcs);
    if (! vm->def->seclabel.label)  {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("cannot generate selinux context for %s"), mcs);
        goto err;
    }
    vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
    if (! vm->def->seclabel.imagelabel)  {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("cannot generate selinux context for %s"), mcs);
        goto err;
    }
@@ -221,8 +220,7 @@ done:
 }
 static int
-SELinuxReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+SELinuxReserveSecurityLabel(virDomainObjPtr vm)
-                            virDomainObjPtr vm)
 {
    security_context_t pctx;
    context_t ctx = NULL;
@@ -266,19 +264,18 @@ SELinuxSecurityDriverProbe(void)
 }
 static int
-SELinuxSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
 {
    /*
     * Where will the DOI come from?  SELinux configuration, or qemu
     * configuration? For the moment, we'll just set it to "0".
     */
-    virSecurityDriverSetDOI(conn, drv, SECURITY_SELINUX_VOID_DOI);
+    virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
    return SELinuxInitialize();
 }
 static int
-SELinuxGetSecurityProcessLabel(virConnectPtr conn,
+SELinuxGetSecurityProcessLabel(virDomainObjPtr vm,
-                               virDomainObjPtr vm,
                               virSecurityLabelPtr sec)
 {
    security_context_t ctx;
@@ -291,7 +288,7 @@ SELinuxGetSecurityProcessLabel(virConnectPtr conn,
    }
    if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("security label exceeds "
                                 "maximum length: %d"),
                               VIR_SECURITY_LABEL_BUFLEN - 1);
@@ -380,8 +377,7 @@ err:
 }
 static int
-SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
-                                 virDomainObjPtr vm,
                                 virDomainDiskDefPtr disk)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -407,8 +403,7 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 static int
-SELinuxSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
-                             virDomainObjPtr vm,
                             virDomainDiskDefPtr disk)
 {
@@ -482,8 +477,7 @@ SELinuxSetSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 static int
-SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
+SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm,
-                               virDomainObjPtr vm,
                               virDomainHostdevDefPtr dev)
 {
@@ -506,7 +500,7 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
        if (!usb)
            goto done;
-        ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm);
+        ret = usbDeviceFileIterate(NULL, usb, SELinuxSetSecurityUSBLabel, vm);
        usbFreeDevice(usb);
        break;
    }
@@ -520,7 +514,7 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
        if (!pci)
            goto done;
-        ret = pciDeviceFileIterate(conn, pci, SELinuxSetSecurityPCILabel, vm);
+        ret = pciDeviceFileIterate(NULL, pci, SELinuxSetSecurityPCILabel, vm);
        pciFreeDevice(pci);
        break;
@@ -555,8 +549,7 @@ SELinuxRestoreSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 static int
-SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
+SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm,
-                                   virDomainObjPtr vm,
                                   virDomainHostdevDefPtr dev)
 {
@@ -579,7 +572,7 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
        if (!usb)
            goto done;
-        ret = usbDeviceFileIterate(conn, usb, SELinuxRestoreSecurityUSBLabel, NULL);
+        ret = usbDeviceFileIterate(NULL, usb, SELinuxRestoreSecurityUSBLabel, NULL);
        usbFreeDevice(usb);
        break;
@@ -594,7 +587,7 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
        if (!pci)
            goto done;
-        ret = pciDeviceFileIterate(conn, pci, SELinuxRestoreSecurityPCILabel, NULL);
+        ret = pciDeviceFileIterate(NULL, pci, SELinuxRestoreSecurityPCILabel, NULL);
        pciFreeDevice(pci);
        break;
@@ -610,8 +603,7 @@ done:
 }
 static int
-SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
+SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
-                               virDomainObjPtr vm)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
    int i;
@@ -623,11 +615,11 @@ SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
        return 0;
    for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (SELinuxRestoreSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+        if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
            rc = -1;
    }
    for (i = 0 ; i < vm->def->ndisks ; i++) {
-        if (SELinuxRestoreSecurityImageLabel(conn, vm,
+        if (SELinuxRestoreSecurityImageLabel(vm,
                                             vm->def->disks[i]) < 0)
            rc = -1;
    }
@@ -636,8 +628,7 @@ SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
 }
 static int
-SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
-                            virDomainObjPtr vm)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -659,8 +650,7 @@ SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+SELinuxSetSavedStateLabel(virDomainObjPtr vm,
-                          virDomainObjPtr vm,
                          const char *savefile)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -673,8 +663,7 @@ SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
+SELinuxRestoreSavedStateLabel(virDomainObjPtr vm,
-                              virDomainObjPtr vm,
                              const char *savefile)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -687,12 +676,12 @@ SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 static int
-SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+SELinuxSecurityVerify(virDomainDefPtr def)
 {
    const virSecurityLabelDefPtr secdef = &def->seclabel;
    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
        if (security_check_context(secdef->label) != 0) {
-            virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+            virSecurityReportError(VIR_ERR_XML_ERROR,
                                   _("Invalid security label %s"), secdef->label);
            return -1;
        }
@@ -701,8 +690,7 @@ SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
 }
 static int
-SELinuxSetSecurityProcessLabel(virConnectPtr conn,
+SELinuxSetSecurityProcessLabel(virSecurityDriverPtr drv,
-                               virSecurityDriverPtr drv,
                               virDomainObjPtr vm)
 {
    /* TODO: verify DOI */
@@ -712,7 +700,7 @@ SELinuxSetSecurityProcessLabel(virConnectPtr conn,
        return 0;
    if (!STREQ(drv->name, secdef->model)) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                               _("security label driver mismatch: "
                                 "'%s' model configured for domain, but "
                                 "hypervisor driver is '%s'."),
@@ -733,8 +721,7 @@ SELinuxSetSecurityProcessLabel(virConnectPtr conn,
 }
 static int
-SELinuxSetSecurityAllLabel(virConnectPtr conn,
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
-                           virDomainObjPtr vm)
 {
    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
    int i;
@@ -749,11 +736,11 @@ SELinuxSetSecurityAllLabel(virConnectPtr conn,
                     vm->def->disks[i]->src, vm->def->disks[i]->dst);
            continue;
        }
-        if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+        if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
            return -1;
    }
    for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (SELinuxSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+        if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
            return -1;
    }