[libvirt PATCH v2 3/5] m4: virt-secdriver-selinux: drop obsolete function checks

Pavel Hrdina phrdina at redhat.com
Fri Jul 10 10:25:04 UTC 2020 

All of the listed functions are available in libselinux version 2.2.
Our supported OSes start with version 2.5 so there is no need to check
it.

Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
---
 m4/virt-secdriver-selinux.m4    | 24 ++----------------------
 src/security/security_selinux.c | 18 +++---------------
 tests/securityselinuxhelper.c   |  6 ------
 3 files changed, 5 insertions(+), 43 deletions(-)

diff --git a/m4/virt-secdriver-selinux.m4 b/m4/virt-secdriver-selinux.m4
index a48569fc33a..4174249a510 100644
--- a/m4/virt-secdriver-selinux.m4
+++ b/m4/virt-secdriver-selinux.m4
@@ -32,28 +32,8 @@ AC_DEFUN([LIBVIRT_SECDRIVER_CHECK_SELINUX], [
       AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes])
     fi
   elif test "$with_secdriver_selinux" != "no"; then
-    old_CFLAGS="$CFLAGS"
-    old_LIBS="$LIBS"
-    CFLAGS="$CFLAGS $SELINUX_CFLAGS"
-    LIBS="$CFLAGS $SELINUX_LIBS"
-
-    fail=0
-    AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
-    AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
-    AC_CHECK_FUNCS([selinux_lxc_contexts_path])
-    CFLAGS="$old_CFLAGS"
-    LIBS="$old_LIBS"
-
-    if test "$fail" = "1" ; then
-      if test "$with_secdriver_selinux" = "check" ; then
-        with_secdriver_selinux=no
-      else
-        AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in order to compile libvirt --with-secdriver-selinux=yes])
-      fi
-    else
-      with_secdriver_selinux=yes
-      AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available])
-    fi
+    with_secdriver_selinux=yes
+    AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available])
   fi
   AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
 ])
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index f8c1a0a2f1a..67dc6ce09a4 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -639,7 +639,6 @@ virSecuritySELinuxGenNewContext(const char *basecontext,
 }
 
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static int
 virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
 {
@@ -702,15 +701,6 @@ virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr)
     virHashFree(data->mcs);
     return -1;
 }
-#else
-static int
-virSecuritySELinuxLXCInitialize(virSecurityManagerPtr mgr G_GNUC_UNUSED)
-{
-    virReportSystemError(ENOSYS, "%s",
-                         _("libselinux does not support LXC contexts path"));
-    return -1;
-}
-#endif
 
 
 static int
@@ -1018,11 +1008,9 @@ virSecuritySELinuxDriverProbe(const char *virtDriver)
     if (is_selinux_enabled() <= 0)
         return SECURITY_DRIVER_DISABLE;
 
-    if (virtDriver && STREQ(virtDriver, "LXC")) {
-#if HAVE_SELINUX_LXC_CONTEXTS_PATH
-        if (!virFileExists(selinux_lxc_contexts_path()))
-#endif
-            return SECURITY_DRIVER_DISABLE;
+    if (virtDriver && STREQ(virtDriver, "LXC") &&
+        !virFileExists(selinux_lxc_contexts_path())) {
+        return SECURITY_DRIVER_DISABLE;
     }
 
     return SECURITY_DRIVER_ENABLE;
diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index 0556241fd55..c3d7f8c1cee 100644
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -48,9 +48,7 @@ static int (*real_is_selinux_enabled)(void);
 static const char *(*real_selinux_virtual_domain_context_path)(void);
 static const char *(*real_selinux_virtual_image_context_path)(void);
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 static const char *(*real_selinux_lxc_contexts_path)(void);
-#endif
 
 static struct selabel_handle *(*real_selabel_open)(unsigned int backend,
                                                   const struct selinux_opt *opts,
@@ -73,9 +71,7 @@ static void init_syms(void)
     VIR_MOCK_REAL_INIT(selinux_virtual_domain_context_path);
     VIR_MOCK_REAL_INIT(selinux_virtual_image_context_path);
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
     VIR_MOCK_REAL_INIT(selinux_lxc_contexts_path);
-#endif
 
     VIR_MOCK_REAL_INIT(selabel_open);
     VIR_MOCK_REAL_INIT(selabel_close);
@@ -273,7 +269,6 @@ const char *selinux_virtual_image_context_path(void)
     return abs_srcdir "/securityselinuxhelperdata/virtual_image_context";
 }
 
-#ifdef HAVE_SELINUX_LXC_CONTEXTS_PATH
 const char *selinux_lxc_contexts_path(void)
 {
     init_syms();
@@ -283,7 +278,6 @@ const char *selinux_lxc_contexts_path(void)
 
     return abs_srcdir "/securityselinuxhelperdata/lxc_contexts";
 }
-#endif
 
 struct selabel_handle *
 selabel_open(unsigned int backend,
-- 
2.26.2

More information about the libvir-list mailing list