security: Remove VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE

Nothing is setting that flag now so it can be removed. Note that
removing 'mgr' from 'load_profile' in the apparmor driver would create a
lot of churn.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 333d098be4fdd50e24b5a1af3155099d0d785daa..cb41df71a98d5fcdece1b82830b57222772d5b7f 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -170,7 +170,7 @@ profile_status_file(const char *str)
  * load (add) a profile. Will create one if necessary
  */
 static int
-load_profile(virSecurityManagerPtr mgr,
+load_profile(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
              const char *profile,
              virDomainDefPtr def,
              const char *fn,
@@ -180,8 +180,6 @@ load_profile(virSecurityManagerPtr mgr,
     bool create = true;
     char *xml = NULL;
     virCommandPtr cmd = NULL;
-    const char *probe = virSecurityManagerGetAllowDiskFormatProbing(mgr)
-        ? "1" : "0";
 
     xml = virDomainDefFormat(def, NULL, VIR_DOMAIN_DEF_FORMAT_SECURE);
     if (!xml)
@@ -190,7 +188,7 @@ load_profile(virSecurityManagerPtr mgr,
     if (profile_status_file(profile) >= 0)
         create = false;
 
-    cmd = virCommandNewArgList(VIRT_AA_HELPER, "-p", probe,
+    cmd = virCommandNewArgList(VIRT_AA_HELPER,
                                create ? "-c" : "-r",
                                "-u", profile, NULL);
     if (!create && fn) {

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 8683ad7d36d88768c972bddd56cb527141ec19aa..df7ffa84aafc78eec0b913d1b1f1d11e56891a6b 100644 (file)
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -365,13 +365,6 @@ virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr,
 }
 
 
-bool
-virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr)
-{
-    return mgr->flags & VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE;
-}
-
-
 bool
 virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr)
 {

diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index e772b6165ed42e40296e67c6bc3cf4f839ce5dc2..1ead369e82bd71345aca6af490ab7a54998ecf78 100644 (file)
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -31,7 +31,6 @@ typedef struct _virSecurityManager virSecurityManager;
 typedef virSecurityManager *virSecurityManagerPtr;
 
 typedef enum {
-    VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE   = 1 << 0,
     VIR_SECURITY_MANAGER_DEFAULT_CONFINED   = 1 << 1,
     VIR_SECURITY_MANAGER_REQUIRE_CONFINED   = 1 << 2,
     VIR_SECURITY_MANAGER_PRIVILEGED         = 1 << 3,
@@ -40,8 +39,7 @@ typedef enum {
 } virSecurityManagerNewFlags;
 
 # define VIR_SECURITY_MANAGER_NEW_MASK \
-    (VIR_SECURITY_MANAGER_ALLOW_DISK_PROBE  | \
-     VIR_SECURITY_MANAGER_DEFAULT_CONFINED  | \
+    (VIR_SECURITY_MANAGER_DEFAULT_CONFINED  | \
      VIR_SECURITY_MANAGER_REQUIRE_CONFINED  | \
      VIR_SECURITY_MANAGER_PRIVILEGED)
 
@@ -89,7 +87,6 @@ const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetBaseLabel(virSecurityManagerPtr mgr, int virtType);
 
-bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetDefaultConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetRequireConfined(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetPrivileged(virSecurityManagerPtr mgr);