From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 24 Jun 2020 08:57:22 +0000 (+0200)
Subject: m4: virt-secdriver-selinux: drop obsolete function checks
X-Git-Tag: v6.6.0-rc1~156
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3a1a3d708701a31078da5d68f50c268f52123e5;p=thirdparty%2Flibvirt.git

m4: virt-secdriver-selinux: drop obsolete function checks

All of the listed functions are available in libselinux version 2.2.
Our supported OSes start with version 2.5 so there is no need to check
it.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---

diff --git a/m4/virt-secdriver-selinux.m4 b/m4/virt-secdriver-selinux.m4
index a48569fc33..4174249a51 100644
--- a/m4/virt-secdriver-selinux.m4
+++ b/m4/virt-secdriver-selinux.m4
@@ -32,28 +32,8 @@ AC_DEFUN([LIBVIRT_SECDRIVER_CHECK_SELINUX], [
       AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes])
     fi
   elif test "$with_secdriver_selinux" != "no"; then
-    old_CFLAGS="$CFLAGS"
-    old_LIBS="$LIBS"
-    CFLAGS="$CFLAGS $SELINUX_CFLAGS"
-    LIBS="$CFLAGS $SELINUX_LIBS"
-
-    fail=0
-    AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
-    AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
-    AC_CHECK_FUNCS([selinux_lxc_contexts_path])
-    CFLAGS="$old_CFLAGS"
-    LIBS="$old_LIBS"
-
-    if test "$fail" = "1" ; then
-      if test "$with_secdriver_selinux" = "check" ; then
-        with_secdriver_selinux=no
-      else
-        AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in order to compile libvirt --with-secdriver-selinux=yes])
-      fi
-    else
-      with_secdriver_selinux=yes
-      AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available])
-    fi
+    with_secdriver_selinux=yes
+    AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available])
   fi
   AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
 ])
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 52ff4fab0f..1d28430035 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -639,7 +639,6 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
 }
 
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static int
 virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
 {
@@ -702,15 +701,6 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
     virHashFree(data->mcs);
     return -1;
 }
-#else
-static int
-virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr G_GNUC_UNUSED)
-{
-    virReportSystemError(ENOSYS, "%s",
-                         _("libselinux does not support LXC contexts path"));
-    return -1;
-}
-#endif
 
 
 static int
@@ -1018,11 +1008,9 @@ virSecuritySELinuxDriverProbe(const char *virtDriver)
     if (is_selinux_enabled() <= 0)
         return SECURITY_DRIVER_DISABLE;
 
-    if (virtDriver && STREQ(virtDriver, "LXC")) {
-#if HAVE_SELINUX_LXC_CONTEXTS_PATH
-        if (!virFileExists(selinux_lxc_contexts_path()))
-#endif
-            return SECURITY_DRIVER_DISABLE;
+    if (virtDriver && STREQ(virtDriver, "LXC") &&
+        !virFileExists(selinux_lxc_contexts_path())) {
+        return SECURITY_DRIVER_DISABLE;
     }
 
     return SECURITY_DRIVER_ENABLE;
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index 0556241fd5..c3d7f8c1ce 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -48,9 +48,7 @@ static int (*real_is_selinux_enabled)(void);
 static const char *(*real_selinux_virtual_domain_context_path)(void);
 static const char *(*real_selinux_virtual_image_context_path)(void);
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static const char *(*real_selinux_lxc_contexts_path)(void);
-#endif
 
 static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
                                                   const struct selinux_opt *opts,
@@ -73,9 +71,7 @@ static void init_syms(void)
     VIR_MOCK_REAL_INIT(selinux_virtual_domain_context_path);
     VIR_MOCK_REAL_INIT(selinux_virtual_image_context_path);
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
     VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path);
-#endif
 
     VIR_MOCK_REAL_INIT(selabel_open);
     VIR_MOCK_REAL_INIT(selabel_close);
@@ -273,7 +269,6 @@ const char *selinux_virtual_image_context_path(void)
     return abs_srcdir "/securityselinuxhelperdata/virtual_image_context";
 }
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 const char *selinux_lxc_contexts_path(void)
 {
     init_syms();
@@ -283,7 +278,6 @@ const char *selinux_lxc_contexts_path(void)
 
     return abs_srcdir "/securityselinuxhelperdata/lxc_contexts";
 }
-#endif
 
 struct selabel_handle *
 selabel_open(unsigned int backend,