2011/1/14 Eric Blake <eblake(a)redhat.com>:
I haven't looked into this closely yet, but Daniel's
security
refactoring broke the Ubuntu 'make check' build when apparmor is enabled:
CC secaatest.o
secaatest.c: In function 'main':
secaatest.c:18: error: implicit declaration of function
'virSecurityDriverStartup' [-Wimplicit-function-declaration]
As part of Dan's security driver refactoring (commit d6623003) he also
updated seclabeltest.c as this one was meant for the SELinux security
driver. secaatest.c was meant for the AppArmor driver that probably
isn't enabled on his computer, so he didn't notice the problem here.
We can use seclabeltest.c as an example how to update secaatest.c too.
The problem here is that
virSecurityDriverStartup(&security_drv, "selinux", false);
got replaced by
virSecurityManagerNew(NULL, false);
in seclabeltest.c. This means that the old test explicitly tested the
SELinux driver, the new test just picks the first available and
enabled driver.
Using virSecurityManagerNew("apparmor", false); fails for me because
it tests if AppArmor is properly configured for libvirt, that's not
the case on my system. Therefore, secaatest still fails for me.
As seclabeltest and secaatest only test for a non-NULL model and DOI
string, I wonder if we should just remove secaatest and make
seclabeltest unconditional as we have a dummy security driver in place
now, when SELinux and AppArmor are disabled.
Matthias