5:25 a.m.
All of the listed functions are available in libselinux version 2.2.
Our supported OSes start with version 2.5 so there is no need to check
it.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
m4/virt-secdriver-selinux.m4 | 24 ++----------------------
src/security/security_selinux.c | 18 +++---------------
tests/securityselinuxhelper.c | 6 ------
3 files changed, 5 insertions(+), 43 deletions(-)
diff --git a/m4/virt-secdriver-selinux.m4 b/m4/virt-secdriver-selinux.m4
index a48569fc33a..4174249a510 100644
--- a/m4/virt-secdriver-selinux.m4
+++ b/m4/virt-secdriver-selinux.m4
@@ -32,28 +32,8 @@ AC_DEFUN([LIBVIRT_SECDRIVER_CHECK_SELINUX], [
AC_MSG_ERROR([You must install the libselinux development package and enable
SELinux with the --with-selinux=yes in order to compile libvirt
--with-secdriver-selinux=yes])
fi
elif test "$with_secdriver_selinux" != "no"; then
- old_CFLAGS="$CFLAGS"
- old_LIBS="$LIBS"
- CFLAGS="$CFLAGS $SELINUX_CFLAGS"
- LIBS="$CFLAGS $SELINUX_LIBS"
-
- fail=0
- AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
- AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
- AC_CHECK_FUNCS([selinux_lxc_contexts_path])
- CFLAGS="$old_CFLAGS"
- LIBS="$old_LIBS"
-
- if test "$fail" = "1" ; then
- if test "$with_secdriver_selinux" = "check" ; then
- with_secdriver_selinux=no
- else
- AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in
order to compile libvirt --with-secdriver-selinux=yes])
- fi
- else
- with_secdriver_selinux=yes
- AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is
available])
- fi
+ with_secdriver_selinux=yes
+ AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is
available])
fi
AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" !=
"no"])
])
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f8c1a0a2f1a..67dc6ce09a4 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -639,7 +639,6 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
}
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
static int
virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
{
@@ -702,15 +701,6 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
virHashFree(data->mcs);
return -1;
}
-#else
-static int
-virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr G_GNUC_UNUSED)
-{
- virReportSystemError(ENOSYS, "%s",
- _("libselinux does not support LXC contexts path"));
- return -1;
-}
-#endif
static int
@@ -1018,11 +1008,9 @@ virSecuritySELinuxDriverProbe(const char *virtDriver)
if (is_selinux_enabled() <= 0)
return SECURITY_DRIVER_DISABLE;
- if (virtDriver && STREQ(virtDriver, "LXC")) {
-#if HAVE_SELINUX_LXC_CONTEXTS_PATH
- if (!virFileExists(selinux_lxc_contexts_path()))
-#endif
- return SECURITY_DRIVER_DISABLE;
+ if (virtDriver && STREQ(virtDriver, "LXC") &&
+ !virFileExists(selinux_lxc_contexts_path())) {
+ return SECURITY_DRIVER_DISABLE;
}
return SECURITY_DRIVER_ENABLE;
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index 0556241fd55..c3d7f8c1cee 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -48,9 +48,7 @@ static int (*real_is_selinux_enabled)(void);
static const char *(*real_selinux_virtual_domain_context_path)(void);
static const char *(*real_selinux_virtual_image_context_path)(void);
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
static const char *(*real_selinux_lxc_contexts_path)(void);
-#endif
static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
const struct selinux_opt *opts,
@@ -73,9 +71,7 @@ static void init_syms(void)
VIR_MOCK_REAL_INIT(selinux_virtual_domain_context_path);
VIR_MOCK_REAL_INIT(selinux_virtual_image_context_path);
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path);
-#endif
VIR_MOCK_REAL_INIT(selabel_open);
VIR_MOCK_REAL_INIT(selabel_close);
@@ -273,7 +269,6 @@ const char *selinux_virtual_image_context_path(void)
return abs_srcdir "/securityselinuxhelperdata/virtual_image_context";
}
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
const char *selinux_lxc_contexts_path(void)
{
init_syms();
@@ -283,7 +278,6 @@ const char *selinux_lxc_contexts_path(void)
return abs_srcdir "/securityselinuxhelperdata/lxc_contexts";
}
-#endif
struct selabel_handle *
selabel_open(unsigned int backend,
--
2.26.2