[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 4/4] Remove use of virConnectPtr from security driver APIs



The virConnectPtr is no longer required for error reporting since
that is recorded in a thread local. Remove use of virConnectPtr
from all APIs in security_driver.{h,c} and update all callers to
match
---
 src/qemu/qemu_driver.c           |   90 ++++++++++++++++------------------
 src/qemu/qemu_security_dac.c     |   43 +++++++----------
 src/qemu/qemu_security_stacked.c |   99 ++++++++++++++++----------------------
 src/security/security_apparmor.c |   69 ++++++++++++--------------
 src/security/security_driver.c   |   17 +++----
 src/security/security_driver.h   |   54 +++++++-------------
 src/security/security_selinux.c  |   73 +++++++++++----------------
 7 files changed, 189 insertions(+), 256 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7c5dfe4..4cc66be 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -118,8 +118,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
                               const char *migrateFrom,
                               int stdin_fd);
 
-static void qemudShutdownVMDaemon(virConnectPtr conn,
-                                  struct qemud_driver *driver,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
                                   virDomainObjPtr vm);
 
 static int qemudDomainGetMaxVcpus(virDomainPtr dom);
@@ -681,7 +680,7 @@ qemuHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
                                      VIR_DOMAIN_EVENT_STOPPED_FAILED :
                                      VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
 
-    qemudShutdownVMDaemon(NULL, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
     if (!vm->persistent)
         virDomainRemoveInactive(&driver->domains, vm);
     else
@@ -865,7 +864,7 @@ qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaq
 
     if (driver->securityDriver &&
         driver->securityDriver->domainReserveSecurityLabel &&
-        driver->securityDriver->domainReserveSecurityLabel(NULL, obj) < 0)
+        driver->securityDriver->domainReserveSecurityLabel(obj) < 0)
         goto error;
 
     if (obj->def->id >= driver->nextvmid)
@@ -878,7 +877,7 @@ error:
     /* We can't get the monitor back, so must kill the VM
      * to remove danger of it ending up running twice if
      * user tries to start it again later */
-    qemudShutdownVMDaemon(NULL, driver, obj);
+    qemudShutdownVMDaemon(driver, obj);
     if (!obj->persistent)
         virDomainRemoveInactive(&driver->domains, obj);
     else
@@ -2468,7 +2467,7 @@ static int qemudSecurityHook(void *data) {
 
     if (h->driver->securityDriver &&
         h->driver->securityDriver->domainSetSecurityProcessLabel &&
-        h->driver->securityDriver->domainSetSecurityProcessLabel(h->conn, h->driver->securityDriver, h->vm) < 0)
+        h->driver->securityDriver->domainSetSecurityProcessLabel(h->driver->securityDriver, h->vm) < 0)
         return -1;
 
     return 0;
@@ -2536,12 +2535,12 @@ static int qemudStartVMDaemon(virConnectPtr conn,
        then generate a security label for isolation */
     if (driver->securityDriver &&
         driver->securityDriver->domainGenSecurityLabel &&
-        driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0)
+        driver->securityDriver->domainGenSecurityLabel(vm) < 0)
         return -1;
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityAllLabel &&
-        driver->securityDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+        driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
         goto cleanup;
 
     /* Ensure no historical cgroup for this VM is lieing around bogus settings */
@@ -2767,10 +2766,10 @@ cleanup:
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityAllLabel)
-        driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+        driver->securityDriver->domainRestoreSecurityAllLabel(vm);
     if (driver->securityDriver &&
         driver->securityDriver->domainReleaseSecurityLabel)
-        driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+        driver->securityDriver->domainReleaseSecurityLabel(vm);
     qemuRemoveCgroup(driver, vm, 0);
     if ((vm->def->ngraphics == 1) &&
         vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
@@ -2784,7 +2783,7 @@ cleanup:
 abort:
     /* We jump here if we failed to initialize the now running VM
      * killing it off and pretend we never started it */
-    qemudShutdownVMDaemon(conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
 
     if (logfile != -1)
         close(logfile);
@@ -2793,8 +2792,7 @@ abort:
 }
 
 
-static void qemudShutdownVMDaemon(virConnectPtr conn,
-                                  struct qemud_driver *driver,
+static void qemudShutdownVMDaemon(struct qemud_driver *driver,
                                   virDomainObjPtr vm) {
     int ret;
     int retries = 0;
@@ -2851,10 +2849,10 @@ static void qemudShutdownVMDaemon(virConnectPtr conn,
     /* Reset Security Labels */
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityAllLabel)
-        driver->securityDriver->domainRestoreSecurityAllLabel(conn, vm);
+        driver->securityDriver->domainRestoreSecurityAllLabel(vm);
     if (driver->securityDriver &&
         driver->securityDriver->domainReleaseSecurityLabel)
-        driver->securityDriver->domainReleaseSecurityLabel(conn, vm);
+        driver->securityDriver->domainReleaseSecurityLabel(vm);
 
     /* Clear out dynamically assigned labels */
     if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
@@ -3306,7 +3304,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 
-    if (virSecurityDriverVerify(conn, def) < 0)
+    if (virSecurityDriverVerify(def) < 0)
         goto cleanup;
 
     if (virDomainObjIsDuplicate(&driver->domains, def, 1) < 0)
@@ -3535,7 +3533,7 @@ static int qemudDomainDestroy(virDomainPtr dom) {
         goto endjob;
     }
 
-    qemudShutdownVMDaemon(dom->conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STOPPED,
                                      VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
@@ -3911,7 +3909,7 @@ static int qemudDomainSave(virDomainPtr dom,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSavedStateLabel &&
-        driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
         goto endjob;
 
     if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
@@ -3938,13 +3936,13 @@ static int qemudDomainSave(virDomainPtr dom,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSavedStateLabel &&
-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
         goto endjob;
 
     ret = 0;
 
     /* Shut it down */
-    qemudShutdownVMDaemon(dom->conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STOPPED,
                                      VIR_DOMAIN_EVENT_STOPPED_SAVED);
@@ -4025,7 +4023,7 @@ static int qemudDomainCoreDump(virDomainPtr dom,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSavedStateLabel &&
-        driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainSetSavedStateLabel(vm, path) == -1)
         goto endjob;
 
     /* Migrate will always stop the VM, so the resume condition is
@@ -4052,12 +4050,12 @@ static int qemudDomainCoreDump(virDomainPtr dom,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSavedStateLabel &&
-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+        driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
         goto endjob;
 
 endjob:
     if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
-        qemudShutdownVMDaemon(dom->conn, driver, vm);
+        qemudShutdownVMDaemon(driver, vm);
         event = virDomainEventNewFromObj(vm,
                                          VIR_DOMAIN_EVENT_STOPPED,
                                          VIR_DOMAIN_EVENT_STOPPED_CRASHED);
@@ -4388,7 +4386,7 @@ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr sec
      */
     if (virDomainObjIsActive(vm)) {
         if (driver->securityDriver && driver->securityDriver->domainGetSecurityProcessLabel) {
-            if (driver->securityDriver->domainGetSecurityProcessLabel(dom->conn, vm, seclabel) == -1) {
+            if (driver->securityDriver->domainGetSecurityProcessLabel(vm, seclabel) == -1) {
                 qemuReportError(VIR_ERR_INTERNAL_ERROR,
                                 "%s", _("Failed to get security label"));
                 goto cleanup;
@@ -5000,7 +4998,7 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 
-    if (virSecurityDriverVerify(conn, def) < 0)
+    if (virSecurityDriverVerify(def) < 0)
         goto cleanup;
 
     if ((dupVM = virDomainObjIsDuplicate(&driver->domains, def, 0)) < 0)
@@ -5095,8 +5093,7 @@ cleanup:
 }
 
 
-static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
-                                           struct qemud_driver *driver,
+static int qemudDomainChangeEjectableMedia(struct qemud_driver *driver,
                                            virDomainObjPtr vm,
                                            virDomainDiskDefPtr disk)
 {
@@ -5137,7 +5134,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
         return -1;
 
     qemuDomainObjPrivatePtr priv = vm->privateData;
@@ -5163,7 +5160,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, origdisk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, origdisk) < 0)
         VIR_WARN("Unable to restore security label on ejected image %s", origdisk->src);
 
     VIR_FREE(origdisk->src);
@@ -5178,7 +5175,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
 error:
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
         VIR_WARN("Unable to restore security label on new media %s", disk->src);
     return -1;
 }
@@ -5205,7 +5202,7 @@ static int qemudDomainAttachPciDiskDevice(struct qemud_driver *driver,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
         return -1;
 
     if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
@@ -5266,7 +5263,7 @@ error:
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
         VIR_WARN("Unable to restore security label on %s", disk->src);
 
     return -1;
@@ -5398,7 +5395,7 @@ static int qemudDomainAttachSCSIDisk(struct qemud_driver *driver,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
         return -1;
 
     /* We should have an address already, so make sure */
@@ -5475,7 +5472,7 @@ error:
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
         VIR_WARN("Unable to restore security label on %s", disk->src);
 
     return -1;
@@ -5502,7 +5499,7 @@ static int qemudDomainAttachUsbMassstorageDevice(struct qemud_driver *driver,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityImageLabel &&
-        driver->securityDriver->domainSetSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainSetSecurityImageLabel(vm, disk) < 0)
         return -1;
 
     if (!disk->src) {
@@ -5554,7 +5551,7 @@ error:
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
         VIR_WARN("Unable to restore security label on %s", disk->src);
 
     return -1;
@@ -5825,8 +5822,7 @@ error:
 }
 
 
-static int qemudDomainAttachHostDevice(virConnectPtr conn,
-                                       struct qemud_driver *driver,
+static int qemudDomainAttachHostDevice(struct qemud_driver *driver,
                                        virDomainObjPtr vm,
                                        virDomainHostdevDefPtr hostdev,
                                        int qemuCmdFlags)
@@ -5840,7 +5836,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainSetSecurityHostdevLabel &&
-        driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, hostdev) < 0)
+        driver->securityDriver->domainSetSecurityHostdevLabel(vm, hostdev) < 0)
         return -1;
 
     switch (hostdev->source.subsys.type) {
@@ -5868,7 +5864,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
 error:
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securityDriver->domainRestoreSecurityHostdevLabel(conn, vm, hostdev) < 0)
+        driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, hostdev) < 0)
         VIR_WARN0("Unable to restore host device labelling on hotplug fail");
 
     return -1;
@@ -5936,7 +5932,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
         switch (dev->data.disk->device) {
         case VIR_DOMAIN_DISK_DEVICE_CDROM:
         case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
-            ret = qemudDomainChangeEjectableMedia(dom->conn, driver, vm, dev->data.disk);
+            ret = qemudDomainChangeEjectableMedia(driver, vm, dev->data.disk);
             if (ret == 0)
                 dev->data.disk = NULL;
             break;
@@ -5991,7 +5987,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
         if (ret == 0)
             dev->data.net = NULL;
     } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
-        ret = qemudDomainAttachHostDevice(dom->conn, driver, vm,
+        ret = qemudDomainAttachHostDevice(driver, vm,
                                           dev->data.hostdev, qemuCmdFlags);
         if (ret == 0)
             dev->data.hostdev = NULL;
@@ -6085,7 +6081,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityImageLabel &&
-        driver->securityDriver->domainRestoreSecurityImageLabel(NULL, vm, dev->data.disk) < 0)
+        driver->securityDriver->domainRestoreSecurityImageLabel(vm, dev->data.disk) < 0)
         VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
 
     ret = 0;
@@ -6357,7 +6353,7 @@ static int qemudDomainDetachHostDevice(struct qemud_driver *driver,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securityDriver->domainRestoreSecurityHostdevLabel(NULL, vm, dev->data.hostdev) < 0)
+        driver->securityDriver->domainRestoreSecurityHostdevLabel(vm, dev->data.hostdev) < 0)
         VIR_WARN0("Failed to restore host device labelling");
 
     return ret;
@@ -7506,7 +7502,7 @@ qemudDomainMigratePrepareTunnel(virConnectPtr dconn,
 
     qemust = qemuStreamMigOpen(st, unixfile);
     if (qemust == NULL) {
-        qemudShutdownVMDaemon(NULL, driver, vm);
+        qemudShutdownVMDaemon(driver, vm);
         if (!vm->persistent) {
             if (qemuDomainObjEndJob(vm) > 0)
                 virDomainRemoveInactive(&driver->domains, vm);
@@ -8193,7 +8189,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
     }
 
     /* Clean up the source domain. */
-    qemudShutdownVMDaemon (dom->conn, driver, vm);
+    qemudShutdownVMDaemon(driver, vm);
     paused = 0;
 
     event = virDomainEventNewFromObj(vm,
@@ -8336,7 +8332,7 @@ qemudDomainMigrateFinish2 (virConnectPtr dconn,
         }
         virDomainSaveStatus(driver->caps, driver->stateDir, vm);
     } else {
-        qemudShutdownVMDaemon (dconn, driver, vm);
+        qemudShutdownVMDaemon(driver, vm);
         event = virDomainEventNewFromObj(vm,
                                          VIR_DOMAIN_EVENT_STOPPED,
                                          VIR_DOMAIN_EVENT_STOPPED_FAILED);
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index e753490..11f41b3 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -105,8 +105,7 @@ err:
 
 
 static int
-qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                     virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                      virDomainDiskDefPtr disk)
 
 {
@@ -149,8 +148,7 @@ qemuSecurityDACSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-qemuSecurityDACRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                         virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityImageLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                          virDomainDiskDefPtr disk)
 {
     if (!driver->privileged || !driver->dynamicOwnership)
@@ -195,8 +193,7 @@ qemuSecurityDACSetSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
-                                       virDomainObjPtr vm,
+qemuSecurityDACSetSecurityHostdevLabel(virDomainObjPtr vm,
                                        virDomainHostdevDefPtr dev)
 
 {
@@ -218,7 +215,7 @@ qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
         if (!usb)
             goto done;
 
-        ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
+        ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACSetSecurityUSBLabel, vm);
         usbFreeDevice(usb);
         break;
     }
@@ -232,7 +229,7 @@ qemuSecurityDACSetSecurityHostdevLabel(virConnectPtr conn,
         if (!pci)
             goto done;
 
-        ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACSetSecurityPCILabel, vm);
+        ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACSetSecurityPCILabel, vm);
         pciFreeDevice(pci);
 
         break;
@@ -269,8 +266,7 @@ qemuSecurityDACRestoreSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
-                                           virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSecurityHostdevLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                            virDomainHostdevDefPtr dev)
 
 {
@@ -292,7 +288,7 @@ qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
         if (!usb)
             goto done;
 
-        ret = usbDeviceFileIterate(conn, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
+        ret = usbDeviceFileIterate(NULL, usb, qemuSecurityDACRestoreSecurityUSBLabel, NULL);
         usbFreeDevice(usb);
 
         break;
@@ -307,7 +303,7 @@ qemuSecurityDACRestoreSecurityHostdevLabel(virConnectPtr conn,
         if (!pci)
             goto done;
 
-        ret = pciDeviceFileIterate(conn, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
+        ret = pciDeviceFileIterate(NULL, pci, qemuSecurityDACRestoreSecurityPCILabel, NULL);
         pciFreeDevice(pci);
 
         break;
@@ -324,8 +320,7 @@ done:
 
 
 static int
-qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
-                                       virDomainObjPtr vm)
+qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
 {
     int i;
     int rc = 0;
@@ -336,12 +331,12 @@ qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
     VIR_DEBUG("Restoring security label on %s", vm->def->name);
 
     for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (qemuSecurityDACRestoreSecurityHostdevLabel(conn, vm,
+        if (qemuSecurityDACRestoreSecurityHostdevLabel(vm,
                                                        vm->def->hostdevs[i]) < 0)
             rc = -1;
     }
     for (i = 0 ; i < vm->def->ndisks ; i++) {
-        if (qemuSecurityDACRestoreSecurityImageLabel(conn, vm,
+        if (qemuSecurityDACRestoreSecurityImageLabel(vm,
                                                      vm->def->disks[i]) < 0)
             rc = -1;
     }
@@ -350,8 +345,7 @@ qemuSecurityDACRestoreSecurityAllLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
-                                   virDomainObjPtr vm)
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
 {
     int i;
 
@@ -362,11 +356,11 @@ qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
         /* XXX fixme - we need to recursively label the entriy tree :-( */
         if (vm->def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_DIR)
             continue;
-        if (qemuSecurityDACSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+        if (qemuSecurityDACSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
             return -1;
     }
     for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (qemuSecurityDACSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+        if (qemuSecurityDACSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
             return -1;
     }
 
@@ -375,8 +369,7 @@ qemuSecurityDACSetSecurityAllLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                  virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACSetSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                   const char *savefile)
 {
     if (!driver->privileged || !driver->dynamicOwnership)
@@ -387,8 +380,7 @@ qemuSecurityDACSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                      virDomainObjPtr vm ATTRIBUTE_UNUSED,
+qemuSecurityDACRestoreSavedStateLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED,
                                       const char *savefile)
 {
     if (!driver->privileged || !driver->dynamicOwnership)
@@ -399,8 +391,7 @@ qemuSecurityDACRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-qemuSecurityDACSetProcessLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                               virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+qemuSecurityDACSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
                                virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
     DEBUG("Dropping privileges of VM to %d:%d", driver->user, driver->group);
diff --git a/src/qemu/qemu_security_stacked.c b/src/qemu/qemu_security_stacked.c
index deabe0a..c0258ce 100644
--- a/src/qemu/qemu_security_stacked.c
+++ b/src/qemu/qemu_security_stacked.c
@@ -38,19 +38,18 @@ void qemuSecurityStackedSetDriver(struct qemud_driver *newdriver)
 
 
 static int
-qemuSecurityStackedVerify(virConnectPtr conn,
-                          virDomainDefPtr def)
+qemuSecurityStackedVerify(virDomainDefPtr def)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSecurityVerify &&
-        driver->securitySecondaryDriver->domainSecurityVerify(conn, def) < 0)
+        driver->securitySecondaryDriver->domainSecurityVerify(def) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSecurityVerify &&
-        driver->securityPrimaryDriver->domainSecurityVerify(conn, def) < 0)
+        driver->securityPrimaryDriver->domainSecurityVerify(def) < 0)
         rc = -1;
 
     return rc;
@@ -58,19 +57,18 @@ qemuSecurityStackedVerify(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedGenLabel(virConnectPtr conn,
-                            virDomainObjPtr vm)
+qemuSecurityStackedGenLabel(virDomainObjPtr vm)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainGenSecurityLabel &&
-        driver->securitySecondaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainGenSecurityLabel(vm) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainGenSecurityLabel &&
-        driver->securityPrimaryDriver->domainGenSecurityLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainGenSecurityLabel(vm) < 0)
         rc = -1;
 
     return rc;
@@ -78,19 +76,18 @@ qemuSecurityStackedGenLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedReleaseLabel(virConnectPtr conn,
-                                virDomainObjPtr vm)
+qemuSecurityStackedReleaseLabel(virDomainObjPtr vm)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainReleaseSecurityLabel &&
-        driver->securitySecondaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainReleaseSecurityLabel(vm) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainReleaseSecurityLabel &&
-        driver->securityPrimaryDriver->domainReleaseSecurityLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainReleaseSecurityLabel(vm) < 0)
         rc = -1;
 
     return rc;
@@ -98,19 +95,18 @@ qemuSecurityStackedReleaseLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedReserveLabel(virConnectPtr conn,
-                                virDomainObjPtr vm)
+qemuSecurityStackedReserveLabel(virDomainObjPtr vm)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainReserveSecurityLabel &&
-        driver->securitySecondaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainReserveSecurityLabel(vm) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainReserveSecurityLabel &&
-        driver->securityPrimaryDriver->domainReserveSecurityLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainReserveSecurityLabel(vm) < 0)
         rc = -1;
 
     return rc;
@@ -118,20 +114,19 @@ qemuSecurityStackedReserveLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
-                                         virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityImageLabel(virDomainObjPtr vm,
                                          virDomainDiskDefPtr disk)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSetSecurityImageLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSetSecurityImageLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityImageLabel(vm, disk) < 0)
         rc = -1;
 
     return rc;
@@ -139,20 +134,19 @@ qemuSecurityStackedSetSecurityImageLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
-                                             virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityImageLabel(virDomainObjPtr vm,
                                              virDomainDiskDefPtr disk)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainRestoreSecurityImageLabel &&
-        driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securitySecondaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainRestoreSecurityImageLabel &&
-        driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(conn, vm, disk) < 0)
+        driver->securityPrimaryDriver->domainRestoreSecurityImageLabel(vm, disk) < 0)
         rc = -1;
 
     return rc;
@@ -160,8 +154,7 @@ qemuSecurityStackedRestoreSecurityImageLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
-                                           virDomainObjPtr vm,
+qemuSecurityStackedSetSecurityHostdevLabel(virDomainObjPtr vm,
                                            virDomainHostdevDefPtr dev)
 
 {
@@ -169,12 +162,12 @@ qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSetSecurityHostdevLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSetSecurityHostdevLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityHostdevLabel(vm, dev) < 0)
         rc = -1;
 
     return rc;
@@ -182,8 +175,7 @@ qemuSecurityStackedSetSecurityHostdevLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
-                                               virDomainObjPtr vm,
+qemuSecurityStackedRestoreSecurityHostdevLabel(virDomainObjPtr vm,
                                                virDomainHostdevDefPtr dev)
 
 {
@@ -191,12 +183,12 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securitySecondaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel &&
-        driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(conn, vm, dev) < 0)
+        driver->securityPrimaryDriver->domainRestoreSecurityHostdevLabel(vm, dev) < 0)
         rc = -1;
 
     return rc;
@@ -204,19 +196,18 @@ qemuSecurityStackedRestoreSecurityHostdevLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
-                                       virDomainObjPtr vm)
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityAllLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
         rc = -1;
 
     return rc;
@@ -224,19 +215,18 @@ qemuSecurityStackedSetSecurityAllLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
-                                           virDomainObjPtr vm)
+qemuSecurityStackedRestoreSecurityAllLabel(virDomainObjPtr vm)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainRestoreSecurityAllLabel &&
-        driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+        driver->securitySecondaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainRestoreSecurityAllLabel &&
-        driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(conn, vm) < 0)
+        driver->securityPrimaryDriver->domainRestoreSecurityAllLabel(vm) < 0)
         rc = -1;
 
     return rc;
@@ -244,20 +234,19 @@ qemuSecurityStackedRestoreSecurityAllLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
-                                      virDomainObjPtr vm,
+qemuSecurityStackedSetSavedStateLabel(virDomainObjPtr vm,
                                       const char *savefile)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSetSavedStateLabel &&
-        driver->securitySecondaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securitySecondaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSetSavedStateLabel &&
-        driver->securityPrimaryDriver->domainSetSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securityPrimaryDriver->domainSetSavedStateLabel(vm, savefile) < 0)
         rc = -1;
 
     return rc;
@@ -265,20 +254,19 @@ qemuSecurityStackedSetSavedStateLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
-                                          virDomainObjPtr vm,
+qemuSecurityStackedRestoreSavedStateLabel(virDomainObjPtr vm,
                                           const char *savefile)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainRestoreSavedStateLabel &&
-        driver->securitySecondaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securitySecondaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainRestoreSavedStateLabel &&
-        driver->securityPrimaryDriver->domainRestoreSavedStateLabel(conn, vm, savefile) < 0)
+        driver->securityPrimaryDriver->domainRestoreSavedStateLabel(vm, savefile) < 0)
         rc = -1;
 
     return rc;
@@ -286,23 +274,20 @@ qemuSecurityStackedRestoreSavedStateLabel(virConnectPtr conn,
 
 
 static int
-qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
-                                   virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
+qemuSecurityStackedSetProcessLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
                                    virDomainObjPtr vm)
 {
     int rc = 0;
 
     if (driver->securitySecondaryDriver &&
         driver->securitySecondaryDriver->domainSetSecurityProcessLabel &&
-        driver->securitySecondaryDriver->domainSetSecurityProcessLabel(conn,
-                                                                       driver->securitySecondaryDriver,
+        driver->securitySecondaryDriver->domainSetSecurityProcessLabel(driver->securitySecondaryDriver,
                                                                        vm) < 0)
         rc = -1;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainSetSecurityProcessLabel &&
-        driver->securityPrimaryDriver->domainSetSecurityProcessLabel(conn,
-                                                                     driver->securityPrimaryDriver,
+        driver->securityPrimaryDriver->domainSetSecurityProcessLabel(driver->securityPrimaryDriver,
                                                                      vm) < 0)
         rc = -1;
 
@@ -310,16 +295,14 @@ qemuSecurityStackedSetProcessLabel(virConnectPtr conn,
 }
 
 static int
-qemuSecurityStackedGetProcessLabel(virConnectPtr conn,
-                                   virDomainObjPtr vm,
+qemuSecurityStackedGetProcessLabel(virDomainObjPtr vm,
                                    virSecurityLabelPtr seclabel)
 {
     int rc = 0;
 
     if (driver->securityPrimaryDriver &&
         driver->securityPrimaryDriver->domainGetSecurityProcessLabel &&
-        driver->securityPrimaryDriver->domainGetSecurityProcessLabel(conn,
-                                                                     vm,
+        driver->securityPrimaryDriver->domainGetSecurityProcessLabel(vm,
                                                                      seclabel) < 0)
         rc = -1;
 
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 2d5f944..23f40f8 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -148,7 +148,7 @@ profile_status_file(const char *str)
  * load (add) a profile. Will create one if necessary
  */
 static int
-load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
+load_profile(const char *profile, virDomainObjPtr vm,
              virDomainDiskDefPtr disk)
 {
     int rc = -1, status, ret;
@@ -162,7 +162,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
         return rc;
     }
 
-    xml = virDomainDefFormat(conn, vm->def, VIR_DOMAIN_XML_SECURE);
+    xml = virDomainDefFormat(vm->def, VIR_DOMAIN_XML_SECURE);
     if (!xml)
         goto clean;
 
@@ -204,7 +204,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
         if (errno == EINTR)
             goto rewait;
 
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("Unexpected exit status from virt-aa-helper "
                                "%d pid %lu"),
                                WEXITSTATUS(status), (unsigned long)child);
@@ -311,9 +311,9 @@ AppArmorSecurityDriverProbe(void)
  * currently not used.
  */
 static int
-AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+AppArmorSecurityDriverOpen(virSecurityDriverPtr drv)
 {
-    virSecurityDriverSetDOI(conn, drv, SECURITY_APPARMOR_VOID_DOI);
+    virSecurityDriverSetDOI(drv, SECURITY_APPARMOR_VOID_DOI);
     return 0;
 }
 
@@ -323,7 +323,7 @@ AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
  * called on shutdown.
 */
 static int
-AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorGenSecurityLabel(virDomainObjPtr vm)
 {
     int rc = -1;
     char *profile_name = NULL;
@@ -333,7 +333,7 @@ AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
 
     if ((vm->def->seclabel.label) ||
         (vm->def->seclabel.model) || (vm->def->seclabel.imagelabel)) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s",
                                _("security label already defined for VM"));
         return rc;
@@ -377,15 +377,15 @@ AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm)
 }
 
 static int
-AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorSetSecurityAllLabel(virDomainObjPtr vm)
 {
     if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
         return 0;
 
     /* if the profile is not already loaded, then load one */
     if (profile_loaded(vm->def->seclabel.label) < 0) {
-        if (load_profile(conn, vm->def->seclabel.label, vm, NULL) < 0) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        if (load_profile(vm->def->seclabel.label, vm, NULL) < 0) {
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("cannot generate AppArmor profile "
                                    "\'%s\'"), vm->def->seclabel.label);
             return -1;
@@ -399,8 +399,7 @@ AppArmorSetSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
  * running.
  */
 static int
-AppArmorGetSecurityProcessLabel(virConnectPtr conn,
-                                virDomainObjPtr vm, virSecurityLabelPtr sec)
+AppArmorGetSecurityProcessLabel(virDomainObjPtr vm, virSecurityLabelPtr sec)
 {
     int rc = -1;
     char *profile_name = NULL;
@@ -410,13 +409,13 @@ AppArmorGetSecurityProcessLabel(virConnectPtr conn,
 
     if (virStrcpy(sec->label, profile_name,
         VIR_SECURITY_LABEL_BUFLEN) == NULL) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("error copying profile name"));
         goto clean;
     }
 
     if ((sec->enforcing = profile_status(profile_name, 1)) < 0) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("error calling profile_status()"));
         goto clean;
     }
@@ -432,7 +431,7 @@ AppArmorGetSecurityProcessLabel(virConnectPtr conn,
  * more details. Currently called via qemudShutdownVMDaemon.
  */
 static int
-AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPtr vm)
+AppArmorReleaseSecurityLabel(virDomainObjPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
 
@@ -445,14 +444,14 @@ AppArmorReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainObjPt
 
 
 static int
-AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
+AppArmorRestoreSecurityAllLabel(virDomainObjPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int rc = 0;
 
     if (secdef->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {
         if ((rc = remove_profile(secdef->label)) != 0) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("could not remove profile for \'%s\'"),
                                    secdef->label);
         }
@@ -464,8 +463,7 @@ AppArmorRestoreSecurityAllLabel(virConnectPtr conn, virDomainObjPtr vm)
  * LOCAL_STATE_DIR/log/libvirt/qemu/<vm name>.log
  */
 static int
-AppArmorSetSecurityProcessLabel(virConnectPtr conn,
-                                virSecurityDriverPtr drv, virDomainObjPtr vm)
+AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int rc = -1;
@@ -475,7 +473,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
         return rc;
 
     if (STRNEQ(drv->name, secdef->model)) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("security label driver mismatch: "
                                "\'%s\' model configured for domain, but "
                                "hypervisor driver is \'%s\'."),
@@ -485,7 +483,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
     }
 
     if (aa_change_profile(profile_name) < 0) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("error calling aa_change_profile()"));
         goto clean;
     }
@@ -500,8 +498,7 @@ AppArmorSetSecurityProcessLabel(virConnectPtr conn,
 
 /* Called when hotplugging */
 static int
-AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
-                                  virDomainObjPtr vm,
+AppArmorRestoreSecurityImageLabel(virDomainObjPtr vm,
                                   virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -516,8 +513,8 @@ AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
 
     /* Update the profile only if it is loaded */
     if (profile_loaded(secdef->imagelabel) >= 0) {
-        if (load_profile(conn, secdef->imagelabel, vm, NULL) < 0) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        if (load_profile(secdef->imagelabel, vm, NULL) < 0) {
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("cannot update AppArmor profile "
                                      "\'%s\'"),
                                    secdef->imagelabel);
@@ -534,8 +531,7 @@ AppArmorRestoreSecurityImageLabel(virConnectPtr conn,
 
 /* Called when hotplugging */
 static int
-AppArmorSetSecurityImageLabel(virConnectPtr conn,
-                              virDomainObjPtr vm, virDomainDiskDefPtr disk)
+AppArmorSetSecurityImageLabel(virDomainObjPtr vm, virDomainDiskDefPtr disk)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int rc = -1;
@@ -550,7 +546,7 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
     if (secdef->imagelabel) {
         /* if the device doesn't exist, error out */
         if (!virFileExists(disk->src)) {
-            virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("\'%s\' does not exist"), disk->src);
             return rc;
         }
@@ -560,8 +556,8 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
 
         /* update the profile only if it is loaded */
         if (profile_loaded(secdef->imagelabel) >= 0) {
-            if (load_profile(conn, secdef->imagelabel, vm, disk) < 0) {
-                virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+            if (load_profile(secdef->imagelabel, vm, disk) < 0) {
+                virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                      _("cannot update AppArmor profile "
                                      "\'%s\'"),
                                      secdef->imagelabel);
@@ -578,13 +574,13 @@ AppArmorSetSecurityImageLabel(virConnectPtr conn,
 }
 
 static int
-AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+AppArmorSecurityVerify(virDomainDefPtr def)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
 
     if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
         if (use_apparmor() < 0 || profile_status(secdef->label, 0) < 0) {
-            virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+            virSecurityReportError(VIR_ERR_XML_ERROR,
                                    _("Invalid security label \'%s\'"),
                                    secdef->label);
             return -1;
@@ -594,16 +590,14 @@ AppArmorSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
 }
 
 static int
-AppArmorReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                            virDomainObjPtr vm ATTRIBUTE_UNUSED)
+AppArmorReserveSecurityLabel(virDomainObjPtr vm ATTRIBUTE_UNUSED)
 {
     /* NOOP. Nothing to reserve with AppArmor */
     return 0;
 }
 
 static int
-AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                virDomainObjPtr vm,
+AppArmorSetSecurityHostdevLabel(virDomainObjPtr vm,
                                 virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
 
 {
@@ -617,8 +611,7 @@ AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 
 static int
-AppArmorRestoreSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                    virDomainObjPtr vm,
+AppArmorRestoreSecurityHostdevLabel(virDomainObjPtr vm,
                                     virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED)
 
 {
diff --git a/src/security/security_driver.c b/src/security/security_driver.c
index 4e6172d..27945a6 100644
--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -35,7 +35,7 @@ static virSecurityDriverPtr security_drivers[] = {
 };
 
 int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
+virSecurityDriverVerify(virDomainDefPtr def)
 {
     unsigned int i;
     const virSecurityLabelDefPtr secdef = &def->seclabel;
@@ -46,10 +46,10 @@ virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def)
 
     for (i = 0; security_drivers[i] != NULL ; i++) {
         if (STREQ(security_drivers[i]->name, secdef->model)) {
-            return security_drivers[i]->domainSecurityVerify(conn, def);
+            return security_drivers[i]->domainSecurityVerify(def);
         }
     }
-    virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+    virSecurityReportError(VIR_ERR_XML_ERROR,
                            _("invalid security model '%s'"), secdef->model);
     return -1;
 }
@@ -72,7 +72,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
         switch (tmp->probe()) {
         case SECURITY_DRIVER_ENABLE:
             virSecurityDriverInit(tmp);
-            if (tmp->open(NULL, tmp) == -1) {
+            if (tmp->open(tmp) == -1) {
                 return -1;
             } else {
                 *drv = tmp;
@@ -91,7 +91,7 @@ virSecurityDriverStartup(virSecurityDriverPtr *drv,
 }
 
 void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
+virSecurityReportError(int code, const char *fmt, ...)
 {
     va_list args;
     char errorMessage[1024];
@@ -103,7 +103,7 @@ virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
     } else
         errorMessage[0] = '\0';
 
-    virRaiseError(conn, NULL, NULL, VIR_FROM_SECURITY, code,
+    virRaiseError(NULL, NULL, NULL, VIR_FROM_SECURITY, code,
                   VIR_ERR_ERROR, NULL, NULL, NULL, -1, -1, "%s",
                   errorMessage);
 }
@@ -118,12 +118,11 @@ virSecurityDriverInit(virSecurityDriverPtr drv)
 }
 
 int
-virSecurityDriverSetDOI(virConnectPtr conn,
-                        virSecurityDriverPtr drv,
+virSecurityDriverSetDOI(virSecurityDriverPtr drv,
                         const char *doi)
 {
     if (strlen(doi) >= VIR_SECURITY_DOI_BUFLEN) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("%s: DOI \'%s\' is "
                                "longer than the maximum allowed length of %d"),
                                __func__, doi, VIR_SECURITY_DOI_BUFLEN - 1);
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 5d2446d..8860d81 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -29,44 +29,29 @@ typedef enum {
 typedef struct _virSecurityDriver virSecurityDriver;
 typedef virSecurityDriver *virSecurityDriverPtr;
 typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
-typedef int (*virSecurityDriverOpen) (virConnectPtr conn,
-                                      virSecurityDriverPtr drv);
-typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn,
-                                                   virDomainObjPtr vm,
+typedef int (*virSecurityDriverOpen) (virSecurityDriverPtr drv);
+typedef int (*virSecurityDomainRestoreImageLabel) (virDomainObjPtr vm,
                                                    virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn,
-                                               virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetImageLabel) (virDomainObjPtr vm,
                                                virDomainDiskDefPtr disk);
-typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
-                                                     virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreHostdevLabel) (virDomainObjPtr vm,
                                                      virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
-                                                 virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetHostdevLabel) (virDomainObjPtr vm,
                                                  virDomainHostdevDefPtr dev);
-typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
-                                                    virDomainObjPtr vm,
+typedef int (*virSecurityDomainSetSavedStateLabel) (virDomainObjPtr vm,
                                                     const char *savefile);
-typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
-                                                        virDomainObjPtr vm,
+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virDomainObjPtr vm,
                                                         const char *savefile);
-typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
-                                          virDomainObjPtr sec);
-typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
-                                              virDomainObjPtr sec);
-typedef int (*virSecurityDomainReleaseLabel) (virConnectPtr conn,
-                                              virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virConnectPtr conn,
-                                             virDomainObjPtr sec);
-typedef int (*virSecurityDomainRestoreAllLabel) (virConnectPtr conn,
-                                                 virDomainObjPtr vm);
-typedef int (*virSecurityDomainGetProcessLabel) (virConnectPtr conn,
-                                                 virDomainObjPtr vm,
+typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
+typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
                                                  virSecurityLabelPtr sec);
-typedef int (*virSecurityDomainSetProcessLabel) (virConnectPtr conn,
-                                                 virSecurityDriverPtr drv,
+typedef int (*virSecurityDomainSetProcessLabel) (virSecurityDriverPtr drv,
                                                  virDomainObjPtr vm);
-typedef int (*virSecurityDomainSecurityVerify) (virConnectPtr conn,
-                                                virDomainDefPtr def);
+typedef int (*virSecurityDomainSecurityVerify) (virDomainDefPtr def);
 
 struct _virSecurityDriver {
     const char *name;
@@ -101,16 +86,15 @@ int virSecurityDriverStartup(virSecurityDriverPtr *drv,
                              const char *name);
 
 int
-virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def);
+virSecurityDriverVerify(virDomainDefPtr def);
 
 void
-virSecurityReportError(virConnectPtr conn, int code, const char *fmt, ...)
-    ATTRIBUTE_FMT_PRINTF(3, 4);
+virSecurityReportError(int code, const char *fmt, ...)
+    ATTRIBUTE_FMT_PRINTF(2, 3);
 
 /* Helpers */
 void virSecurityDriverInit(virSecurityDriverPtr drv);
-int virSecurityDriverSetDOI(virConnectPtr conn,
-                            virSecurityDriverPtr drv,
+int virSecurityDriverSetDOI(virSecurityDriverPtr drv,
                             const char *doi);
 const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv);
 const char *virSecurityDriverGetModel(virSecurityDriverPtr drv);
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index a97d3de..7507549 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -156,8 +156,7 @@ SELinuxInitialize(void)
 }
 
 static int
-SELinuxGenSecurityLabel(virConnectPtr conn,
-                        virDomainObjPtr vm)
+SELinuxGenSecurityLabel(virDomainObjPtr vm)
 {
     int rc = -1;
     char mcs[1024];
@@ -171,7 +170,7 @@ SELinuxGenSecurityLabel(virConnectPtr conn,
     if (vm->def->seclabel.label ||
         vm->def->seclabel.model ||
         vm->def->seclabel.imagelabel) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("security label already defined for VM"));
         return rc;
     }
@@ -192,13 +191,13 @@ SELinuxGenSecurityLabel(virConnectPtr conn,
 
     vm->def->seclabel.label = SELinuxGenNewContext(default_domain_context, mcs);
     if (! vm->def->seclabel.label)  {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("cannot generate selinux context for %s"), mcs);
         goto err;
     }
     vm->def->seclabel.imagelabel = SELinuxGenNewContext(default_image_context, mcs);
     if (! vm->def->seclabel.imagelabel)  {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("cannot generate selinux context for %s"), mcs);
         goto err;
     }
@@ -221,8 +220,7 @@ done:
 }
 
 static int
-SELinuxReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                            virDomainObjPtr vm)
+SELinuxReserveSecurityLabel(virDomainObjPtr vm)
 {
     security_context_t pctx;
     context_t ctx = NULL;
@@ -266,19 +264,18 @@ SELinuxSecurityDriverProbe(void)
 }
 
 static int
-SELinuxSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv)
+SELinuxSecurityDriverOpen(virSecurityDriverPtr drv)
 {
     /*
      * Where will the DOI come from?  SELinux configuration, or qemu
      * configuration? For the moment, we'll just set it to "0".
      */
-    virSecurityDriverSetDOI(conn, drv, SECURITY_SELINUX_VOID_DOI);
+    virSecurityDriverSetDOI(drv, SECURITY_SELINUX_VOID_DOI);
     return SELinuxInitialize();
 }
 
 static int
-SELinuxGetSecurityProcessLabel(virConnectPtr conn,
-                               virDomainObjPtr vm,
+SELinuxGetSecurityProcessLabel(virDomainObjPtr vm,
                                virSecurityLabelPtr sec)
 {
     security_context_t ctx;
@@ -291,7 +288,7 @@ SELinuxGetSecurityProcessLabel(virConnectPtr conn,
     }
 
     if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("security label exceeds "
                                  "maximum length: %d"),
                                VIR_SECURITY_LABEL_BUFLEN - 1);
@@ -380,8 +377,7 @@ err:
 }
 
 static int
-SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                                 virDomainObjPtr vm,
+SELinuxRestoreSecurityImageLabel(virDomainObjPtr vm,
                                  virDomainDiskDefPtr disk)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -407,8 +403,7 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 
 static int
-SELinuxSetSecurityImageLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                             virDomainObjPtr vm,
+SELinuxSetSecurityImageLabel(virDomainObjPtr vm,
                              virDomainDiskDefPtr disk)
 
 {
@@ -482,8 +477,7 @@ SELinuxSetSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 
 static int
-SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
-                               virDomainObjPtr vm,
+SELinuxSetSecurityHostdevLabel(virDomainObjPtr vm,
                                virDomainHostdevDefPtr dev)
 
 {
@@ -506,7 +500,7 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
         if (!usb)
             goto done;
 
-        ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm);
+        ret = usbDeviceFileIterate(NULL, usb, SELinuxSetSecurityUSBLabel, vm);
         usbFreeDevice(usb);
         break;
     }
@@ -520,7 +514,7 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn,
         if (!pci)
             goto done;
 
-        ret = pciDeviceFileIterate(conn, pci, SELinuxSetSecurityPCILabel, vm);
+        ret = pciDeviceFileIterate(NULL, pci, SELinuxSetSecurityPCILabel, vm);
         pciFreeDevice(pci);
 
         break;
@@ -555,8 +549,7 @@ SELinuxRestoreSecurityUSBLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 }
 
 static int
-SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
-                                   virDomainObjPtr vm,
+SELinuxRestoreSecurityHostdevLabel(virDomainObjPtr vm,
                                    virDomainHostdevDefPtr dev)
 
 {
@@ -579,7 +572,7 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
         if (!usb)
             goto done;
 
-        ret = usbDeviceFileIterate(conn, usb, SELinuxRestoreSecurityUSBLabel, NULL);
+        ret = usbDeviceFileIterate(NULL, usb, SELinuxRestoreSecurityUSBLabel, NULL);
         usbFreeDevice(usb);
 
         break;
@@ -594,7 +587,7 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn,
         if (!pci)
             goto done;
 
-        ret = pciDeviceFileIterate(conn, pci, SELinuxRestoreSecurityPCILabel, NULL);
+        ret = pciDeviceFileIterate(NULL, pci, SELinuxRestoreSecurityPCILabel, NULL);
         pciFreeDevice(pci);
 
         break;
@@ -610,8 +603,7 @@ done:
 }
 
 static int
-SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
-                               virDomainObjPtr vm)
+SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int i;
@@ -623,11 +615,11 @@ SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
         return 0;
 
     for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (SELinuxRestoreSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+        if (SELinuxRestoreSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
             rc = -1;
     }
     for (i = 0 ; i < vm->def->ndisks ; i++) {
-        if (SELinuxRestoreSecurityImageLabel(conn, vm,
+        if (SELinuxRestoreSecurityImageLabel(vm,
                                              vm->def->disks[i]) < 0)
             rc = -1;
     }
@@ -636,8 +628,7 @@ SELinuxRestoreSecurityAllLabel(virConnectPtr conn,
 }
 
 static int
-SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                            virDomainObjPtr vm)
+SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
 
@@ -659,8 +650,7 @@ SELinuxReleaseSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                          virDomainObjPtr vm,
+SELinuxSetSavedStateLabel(virDomainObjPtr vm,
                           const char *savefile)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -673,8 +663,7 @@ SELinuxSetSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
-                              virDomainObjPtr vm,
+SELinuxRestoreSavedStateLabel(virDomainObjPtr vm,
                               const char *savefile)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
@@ -687,12 +676,12 @@ SELinuxRestoreSavedStateLabel(virConnectPtr conn ATTRIBUTE_UNUSED,
 
 
 static int
-SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+SELinuxSecurityVerify(virDomainDefPtr def)
 {
     const virSecurityLabelDefPtr secdef = &def->seclabel;
     if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC) {
         if (security_check_context(secdef->label) != 0) {
-            virSecurityReportError(conn, VIR_ERR_XML_ERROR,
+            virSecurityReportError(VIR_ERR_XML_ERROR,
                                    _("Invalid security label %s"), secdef->label);
             return -1;
         }
@@ -701,8 +690,7 @@ SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
 }
 
 static int
-SELinuxSetSecurityProcessLabel(virConnectPtr conn,
-                               virSecurityDriverPtr drv,
+SELinuxSetSecurityProcessLabel(virSecurityDriverPtr drv,
                                virDomainObjPtr vm)
 {
     /* TODO: verify DOI */
@@ -712,7 +700,7 @@ SELinuxSetSecurityProcessLabel(virConnectPtr conn,
         return 0;
 
     if (!STREQ(drv->name, secdef->model)) {
-        virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR,
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                _("security label driver mismatch: "
                                  "'%s' model configured for domain, but "
                                  "hypervisor driver is '%s'."),
@@ -733,8 +721,7 @@ SELinuxSetSecurityProcessLabel(virConnectPtr conn,
 }
 
 static int
-SELinuxSetSecurityAllLabel(virConnectPtr conn,
-                           virDomainObjPtr vm)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int i;
@@ -749,11 +736,11 @@ SELinuxSetSecurityAllLabel(virConnectPtr conn,
                      vm->def->disks[i]->src, vm->def->disks[i]->dst);
             continue;
         }
-        if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+        if (SELinuxSetSecurityImageLabel(vm, vm->def->disks[i]) < 0)
             return -1;
     }
     for (i = 0 ; i < vm->def->nhostdevs ; i++) {
-        if (SELinuxSetSecurityHostdevLabel(conn, vm, vm->def->hostdevs[i]) < 0)
+        if (SELinuxSetSecurityHostdevLabel(vm, vm->def->hostdevs[i]) < 0)
             return -1;
     }
 
-- 
1.6.6


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]