From nobody Mon Sep 8 17:02:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1753279285; cv=none; d=zohomail.com; s=zohoarc; b=BVhqryS2LHYTng1650nfQri9uFXh1QEVhJtt3CC5ewSs7ZedetoDzv/0Rzou0lmOrooW7smungOF1sB8k7CphbYH8yNF7bV60OgxzrqD8H9x3YS5VcUaEo+14mDsjc/MdssNIKyk0dNvYm3ArnfsIh2EsyRwE8DEEs7QFw+JXg8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753279285; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=1dDpr7h2IOr/gH6IYdap4b2+vjQdP+zgX6rAC77mgzI=; b=YO2SkGqRiu7Aa9oMbqf5l2L3mfcUYWLYD0HVDOuwrgqrS5ZKk872etFR26SW7VxZFu4to76Xd9tHm6WIFJBRQ8UeTmtelSW9C/k1uXL1ZP2Jcu6xT8qGH7epnOaBY6XP73/PIcC06hBsqZxILs7bwQAJI5b4wHyI9vYz2A5KyZs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1753279285352731.2228405099427; Wed, 23 Jul 2025 07:01:25 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id DA72C13F2; Wed, 23 Jul 2025 10:01:22 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id ABFBC13F7; Wed, 23 Jul 2025 10:00:24 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 2655FDF3; Wed, 23 Jul 2025 10:00:19 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 9F0BED10 for ; Wed, 23 Jul 2025 10:00:18 -0400 (EDT) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-659-5traGn39Mcy7GP7tWgEjww-1; Wed, 23 Jul 2025 10:00:13 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B429E1800878 for ; Wed, 23 Jul 2025 14:00:12 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0CD0019560B7 for ; Wed, 23 Jul 2025 14:00:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753279218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LrHhvHlBZzGX4sf3CZytOJpzvABS1TffcFmpmT6NDtk=; b=L4xUYSlfxzZxQEGURRuHTFHchZXs0Oe/47CSyUE8qLeDYD6Z+Hp7Y2f7Ck1r5o273rwUPk 4ad0D6P1kwgQjrb/4C5s8PtUC9Nz94NqsXoKhFgq25yLm1yLC2RuDQazQXgvJ85rs39Azr 4jN+fhn4aDiDvUilXKhuDeu9uhkvtJ0= X-MC-Unique: 5traGn39Mcy7GP7tWgEjww-1 X-Mimecast-MFC-AGG-ID: 5traGn39Mcy7GP7tWgEjww_1753279212 To: devel@lists.libvirt.org Subject: [PATCH 1/5] security: Drop some G_GNUC_UNUSED attributes Date: Wed, 23 Jul 2025 16:00:04 +0200 Message-ID: <5b998013d60928a6ff7d889981698e826fcf47a4.1753279190.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: CPzRELI715Nd8BYlki-O_MxA3n0i_CU5W330gXTqmTI_1753279212 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: H3PHWSRSJHLC3AQAPU7YYL5MZLBSD7MK X-Message-ID-Hash: H3PHWSRSJHLC3AQAPU7YYL5MZLBSD7MK X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1753279288717116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik Some variables are annotated with G_GNUC_UNUSED attribute so that compiles knows to not complain about unused variable. Well, some variables are annotated and then used. Drop the G_GNUC_UNUSED attribute in such cases. Signed-off-by: Michal Privoznik Reviewed-by: J=C3=A1n Tomko --- src/security/security_apparmor.c | 2 +- src/security/security_dac.c | 4 ++-- src/security/security_selinux.c | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 68ac39611f..40907c9364 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -349,7 +349,7 @@ AppArmorSecurityManagerGetDOI(virSecurityManager *mgr G= _GNUC_UNUSED) * called on shutdown. */ static int -AppArmorGenSecurityLabel(virSecurityManager *mgr G_GNUC_UNUSED, +AppArmorGenSecurityLabel(virSecurityManager *mgr, virDomainDef *def) { g_autofree char *profile_name =3D NULL; diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 3ecbc7277d..2210117f12 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1703,7 +1703,7 @@ struct _virSecurityDACChardevCallbackData { =20 static int virSecurityDACRestoreChardevCallback(virDomainDef *def, - virDomainChrDef *dev G_GNUC_UNUSED, + virDomainChrDef *dev, void *opaque) { struct _virSecurityDACChardevCallbackData *data =3D opaque; @@ -2069,7 +2069,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, =20 static int virSecurityDACSetChardevCallback(virDomainDef *def, - virDomainChrDef *dev G_GNUC_UNUSED, + virDomainChrDef *dev, void *opaque) { struct _virSecurityDACChardevCallbackData *data =3D opaque; diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index fa5d1568eb..402e0b7737 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1488,7 +1488,7 @@ virSecuritySELinuxFSetFilecon(int fd, char *tcon) =20 /* Set fcon to the appropriate label for path and mode, or return -1. */ static int -getContext(virSecurityManager *mgr G_GNUC_UNUSED, +getContext(virSecurityManager *mgr, const char *newpath, mode_t mode, char **fcon) { virSecuritySELinuxData *data =3D virSecurityManagerGetPrivateData(mgr); @@ -2796,7 +2796,7 @@ struct _virSecuritySELinuxChardevCallbackData { =20 static int virSecuritySELinuxRestoreSecurityChardevCallback(virDomainDef *def, - virDomainChrDef *dev G_GN= UC_UNUSED, + virDomainChrDef *dev, void *opaque) { struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; @@ -3071,7 +3071,7 @@ virSecuritySELinuxSetProcessLabel(virSecurityManager = *mgr G_GNUC_UNUSED, static int virSecuritySELinuxSetChildProcessLabel(virSecurityManager *mgr G_GNUC_UNUS= ED, virDomainDef *def, - bool useBinarySpecificLabel G_GNUC_= UNUSED, + bool useBinarySpecificLabel, virCommand *cmd) { /* TODO: verify DOI */ @@ -3232,7 +3232,7 @@ virSecuritySELinuxClearSocketLabel(virSecurityManager= *mgr G_GNUC_UNUSED, =20 static int virSecuritySELinuxSetSecurityChardevCallback(virDomainDef *def, - virDomainChrDef *dev G_GNUC_U= NUSED, + virDomainChrDef *dev, void *opaque) { struct _virSecuritySELinuxChardevCallbackData *data =3D opaque; --=20 2.49.1 From nobody Mon Sep 8 17:02:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1753279311; cv=none; d=zohomail.com; s=zohoarc; b=RbGrX+/Q0INfoGM6LB4cFmcxcwcI5lPjR/aQrJwMvMYROhZK5+et5ewQZzS7lABeLvjDyhSTYNjApa9pgHDBBES1fEO13j8tralbo6GiAe13019HBqirCZovvKgkHh0tekz/ZPls5jn/kvv3WE3KG9oTx43LbqCOn6xdxgYZjB4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753279311; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=C9ud16n708CMprb3a6cFAoVB4xa5sLFKivVNAzQGQoM=; b=IFBQas3d8r+fCyGmAwk/0P4GxZ8pANtpNLEzsxYtLITUfuywt4h+K034co6YqQWURetVqEg6HEFBWQbv9HV2lJ83ald9ZBRxzeYJvdvEQMdqRuCIXFWlTU7WuytoLxtBRMSkHVboe/be5+41X2mWk5xr2S/3roKmacAI/SMkgKs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1753279311816703.3575411732065; Wed, 23 Jul 2025 07:01:51 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id B46631423; Wed, 23 Jul 2025 10:01:50 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 8DAB9DB6; Wed, 23 Jul 2025 10:00:31 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 572E81423; Wed, 23 Jul 2025 10:00:27 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 4C67C128F for ; Wed, 23 Jul 2025 10:00:20 -0400 (EDT) Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-322-NksIDpPXPVmsQ4BjiKQqag-1; Wed, 23 Jul 2025 10:00:16 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CEDC61800295 for ; Wed, 23 Jul 2025 14:00:13 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 26EFB19560B7 for ; Wed, 23 Jul 2025 14:00:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753279220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8ckD9HyLfVZtO1N0T6UTNjJ53gonM62CkbhRkmw4mlI=; b=LcSsi3lugnNC+/Q7s+4/22ohYGnWhGnA2Apazhi75MlRJj3tsteuSH1lwaUyge78D5N6+8 EkUGstYLz9c3uWSMMxhTLiYJg2qGmXmfLD3MrUv6JtmnDexqbCZ+FrY5u6ghTJkmSjwsvs s51+1Rhkfqj3Keh0hEmwh9MIhw6FodQ= X-MC-Unique: NksIDpPXPVmsQ4BjiKQqag-1 X-Mimecast-MFC-AGG-ID: NksIDpPXPVmsQ4BjiKQqag_1753279213 To: devel@lists.libvirt.org Subject: [PATCH 2/5] security_selinux: Drop needless checks for seclabel->model == "selinux" Date: Wed, 23 Jul 2025 16:00:05 +0200 Message-ID: <2f22d75957c1c2420c25f1f1d268e38cbbe55e4e.1753279190.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: bka3CEWlaAHzI5TMXpDXeW8RAToEhXETwejMlAN-HC8_1753279213 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: V7BM3IDEEA575AELDY5QXYSAAXWZJOUF X-Message-ID-Hash: V7BM3IDEEA575AELDY5QXYSAAXWZJOUF X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1753279315536116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik In few instances, after virDomainDefGetSecurityLabelDef(SECURITY_SELINUX_NAME) was called, we take the returned secdef and compare secdef->model against SECURITY_SELINUX_NAME. This makes no sense because virDomainDefGetSecurityLabelDef() has already done this comparison. Signed-off-by: Michal Privoznik Reviewed-by: J=C3=A1n Tomko --- src/security/security_selinux.c | 51 --------------------------------- 1 file changed, 51 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 402e0b7737..61a47f23c4 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -899,14 +899,6 @@ virSecuritySELinuxGenLabel(virSecurityManager *mgr, return rc; } =20 - if (seclabel->model && - STRNEQ(seclabel->model, SECURITY_SELINUX_NAME)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label model %1$s is not supported with = selinux"), - seclabel->model); - return rc; - } - VIR_DEBUG("type=3D%d", seclabel->type); =20 switch (seclabel->type) { @@ -3020,13 +3012,6 @@ virSecuritySELinuxVerify(virSecurityManager *mgr G_G= NUC_UNUSED, if (secdef =3D=3D NULL) return 0; =20 - if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: '%1$s' model con= figured for domain, but hypervisor driver is '%2$s'."), - secdef->model, SECURITY_SELINUX_NAME); - return -1; - } - if (secdef->type =3D=3D VIR_DOMAIN_SECLABEL_STATIC) { if (security_check_context(secdef->label) !=3D 0) { virReportError(VIR_ERR_XML_ERROR, @@ -3049,13 +3034,6 @@ virSecuritySELinuxSetProcessLabel(virSecurityManager= *mgr G_GNUC_UNUSED, return 0; =20 VIR_DEBUG("label=3D%s", secdef->label); - if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: '%1$s' model con= figured for domain, but hypervisor driver is '%2$s'."), - secdef->model, SECURITY_SELINUX_NAME); - if (security_getenforce() =3D=3D 1) - return -1; - } =20 if (setexeccon_raw(secdef->label) =3D=3D -1) { virReportSystemError(errno, @@ -3084,13 +3062,6 @@ virSecuritySELinuxSetChildProcessLabel(virSecurityMa= nager *mgr G_GNUC_UNUSED, return 0; =20 VIR_DEBUG("label=3D%s", secdef->label); - if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: '%1$s' model con= figured for domain, but hypervisor driver is '%2$s'."), - secdef->model, SECURITY_SELINUX_NAME); - if (security_getenforce() =3D=3D 1) - return -1; - } =20 /* pick either the common label used by most binaries exec'ed by * libvirt, or the specific label of this binary. @@ -3132,13 +3103,6 @@ virSecuritySELinuxSetDaemonSocketLabel(virSecurityMa= nager *mgr G_GNUC_UNUSED, if (!secdef || !secdef->label) return 0; =20 - if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: '%1$s' model con= figured for domain, but hypervisor driver is '%2$s'."), - secdef->model, SECURITY_SELINUX_NAME); - goto error; - } - if (getcon_raw(&scon) =3D=3D -1) { virReportSystemError(errno, _("unable to get current process context '%1$= s'"), @@ -3175,13 +3139,6 @@ virSecuritySELinuxSetSocketLabel(virSecurityManager = *mgr G_GNUC_UNUSED, if (!secdef || !secdef->label) return 0; =20 - if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: '%1$s' model con= figured for domain, but hypervisor driver is '%2$s'."), - secdef->model, SECURITY_SELINUX_NAME); - goto error; - } - VIR_DEBUG("Setting VM %s socket context %s", vm->name, secdef->label); if (setsockcreatecon_raw(secdef->label) =3D=3D -1) { @@ -3211,14 +3168,6 @@ virSecuritySELinuxClearSocketLabel(virSecurityManage= r *mgr G_GNUC_UNUSED, if (!secdef || !secdef->label) return 0; =20 - if (STRNEQ(SECURITY_SELINUX_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: '%1$s' model con= figured for domain, but hypervisor driver is '%2$s'."), - secdef->model, SECURITY_SELINUX_NAME); - if (security_getenforce() =3D=3D 1) - return -1; - } - if (setsockcreatecon_raw(NULL) =3D=3D -1) { virReportSystemError(errno, _("unable to clear socket security context '%= 1$s'"), --=20 2.49.1 From nobody Mon Sep 8 17:02:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1753279259; cv=none; d=zohomail.com; s=zohoarc; b=fz9AT+AMtWg+5qN8vBLLWQ28uNN8JyZ95jJjEtnyIRJ1tuEkluBr5xzJdnlbxW25ItAJlkjzLpDcvcEnFHTV3CiRAF89GX5vBRdmHlNMcloA/WoNfi4J/UgIWFrOXiA/asbHr0RyAxrEMF5Yeu5NWgkPltNkip8ypCDX8gY1zGk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753279259; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=SPzlQLjB0Re+RrxgHU7y0iyP7LbSbEmj57N8RVwOY2Q=; b=mEvt4huOJJT/ojmLmK2dbbF2O2Hr5wWltv1wXYMIHcz0NlhfgqOpseExdvgDb9x9AvA9pd0uSq9VrZuzPJIK8zvuMKW0MfZLkEXQvzxmuA9OGd5WTHD2Aalkv0oB7BQ3PZ2k6b1KVBj91uUiOEfK4RO5qo0qwoPA+aDEGJxdXeM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1753279259189887.8157215777936; Wed, 23 Jul 2025 07:00:59 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 24C2512A2; Wed, 23 Jul 2025 10:00:58 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 09C7813CB; Wed, 23 Jul 2025 10:00:22 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 2B199D3A; Wed, 23 Jul 2025 10:00:18 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id AAC2ED10 for ; Wed, 23 Jul 2025 10:00:17 -0400 (EDT) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-171-1xVkD8QBOguWSwH4c4-rzg-1; Wed, 23 Jul 2025 10:00:15 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0799A1800878 for ; Wed, 23 Jul 2025 14:00:15 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 4A3FF19560AF for ; Wed, 23 Jul 2025 14:00:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753279217; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/na/nDNd5TTCGkapnb3ADYihuIUY7XoTGcD1917zgnE=; b=LA59fuiUOtHsIvWj9Yi/gTLnSUzx6tMDTLaDj4E26e3DuNrrziDNfZoQCR7VYLEa6e1m/B lFDbe30uQFpsIerxe4/dCXDtqs1Vl8HnUddIyUwalodDngGT3dESHD8vJyNfEpzMeOznGQ 2/Sk83KFKjNlIZ9bfljBvlcG75wMzWw= X-MC-Unique: 1xVkD8QBOguWSwH4c4-rzg-1 X-Mimecast-MFC-AGG-ID: 1xVkD8QBOguWSwH4c4-rzg_1753279215 To: devel@lists.libvirt.org Subject: [PATCH 3/5] security_dac: Drop needless checks for seclabel->model == "dac" Date: Wed, 23 Jul 2025 16:00:06 +0200 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: VW7M7YKpb2_ZMZEBiAk_Bw6VoufrCQ-eDqRvLZ8wZm8_1753279215 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: DUHNOZGQRS76S5XQMC7WZFC64Z5BVUX2 X-Message-ID-Hash: DUHNOZGQRS76S5XQMC7WZFC64Z5BVUX2 X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1753279260116116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik In one instance, after virDomainDefGetSecurityLabelDef(SECURITY_DAC_NAME) was called, we take the returned secdef and compare secdef->model against SECURITY_DAC_NAME. This makes no sense because virDomainDefGetSecurityLabelDef() has already done this comparison. Signed-off-by: Michal Privoznik Reviewed-by: J=C3=A1n Tomko --- src/security/security_dac.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 2210117f12..8fb26168ca 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2404,14 +2404,6 @@ virSecurityDACGenLabel(virSecurityManager *mgr, return rc; } =20 - if (seclabel->model - && STRNEQ(seclabel->model, SECURITY_DAC_NAME)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label model %1$s is not supported with = selinux"), - seclabel->model); - return rc; - } - switch ((virDomainSeclabelType)seclabel->type) { case VIR_DOMAIN_SECLABEL_STATIC: if (seclabel->label =3D=3D NULL) { --=20 2.49.1 From nobody Mon Sep 8 17:02:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1753279367; cv=none; d=zohomail.com; s=zohoarc; b=lUzqTunMaYqL4c/xEqWykc5ONYbLVfueddCIe0cBWPhhXIxxqj8boC8TBX44bKUpbTwG5Y/Tu+kw7fkZrFrYLn+SlIB5tHfSVOU1KY75H/qY/uag8aLDgTmq5mYOaNML2FdWuPYX5yWgQ4og94A0bw2FFJsebmQFx+GpDweA/m8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753279367; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=SFYFFaeL7VQeM9P3bTayq9Iommj3VK43l5cY6UoDgX8=; b=hQnlSCexlKS2vH1lAsSRJJ8ml2IZ9JORgg7oiDCfdv558xGdON0ttR80Q8OA6jBlMzi8Wy3nvohtXn6hRfDUUh5orC5NyrqvIesKcaiRuaAKPbuKT9ZPV91V2Mfc3yKHyB4ZVfbJQ8CVF92Vy668rBVh7aSFO9ecjxpZl53hkc4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1753279367192499.47151420977923; Wed, 23 Jul 2025 07:02:47 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id C2A6911C2; Wed, 23 Jul 2025 10:02:43 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 9779A1375; Wed, 23 Jul 2025 10:00:37 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 912C9139E; Wed, 23 Jul 2025 10:00:30 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E735211B8 for ; Wed, 23 Jul 2025 10:00:21 -0400 (EDT) Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-407-EiDlQrRSPiaz_jae0b6XvQ-1; Wed, 23 Jul 2025 10:00:16 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 23B7D19560A2 for ; Wed, 23 Jul 2025 14:00:16 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 711841956063 for ; Wed, 23 Jul 2025 14:00:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753279221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=G9bjj5jkv1gk76Z3Y4/8J+ZKCCMP0fK7W0KZrQ2wTKE=; b=eV3XtTMfyNCPN2Tm4O2cSDV/PooLZ5d6Y/YmBD9s5Nqy8a5Nfj34/kRF5EeUm3cq4LKhVd KUqByXb2v43fK20fot9yCuo3rokfB1U56x3N3QSXp/ku8WHCgEv9V3xlbd3CkxJqMcVkcP ax45TWIO3wUq3MysNb8S1CwcjJ3vyzw= X-MC-Unique: EiDlQrRSPiaz_jae0b6XvQ-1 X-Mimecast-MFC-AGG-ID: EiDlQrRSPiaz_jae0b6XvQ_1753279216 To: devel@lists.libvirt.org Subject: [PATCH 4/5] security_apparmor: Drop needless checks for seclabel->model == "apparmor" Date: Wed, 23 Jul 2025 16:00:07 +0200 Message-ID: <0484a9cc0b5de0b0001c72e2658c00ab39d6c21d.1753279190.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: u85AFx_IspBaevFzfj9UCpjpE2Z8pICHjqAElvc85m8_1753279216 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 6B2QFLERCACRB5D6BS6HONNKCGINT5WG X-Message-ID-Hash: 6B2QFLERCACRB5D6BS6HONNKCGINT5WG X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1753279368348116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik In few instances, after virDomainDefGetSecurityLabelDef(SECURITY_APPARMOR_NAME) was called, we take the returned secdef and compare secdef->model against SECURITY_APPARMOR_NAME. This makes no sense because virDomainDefGetSecurityLabelDef() has already done this comparison. Signed-off-by: Michal Privoznik Reviewed-by: J=C3=A1n Tomko --- src/security/security_apparmor.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 40907c9364..c7412a76c0 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -520,14 +520,6 @@ AppArmorSetSecurityProcessLabel(virSecurityManager *mg= r G_GNUC_UNUSED, if ((profile_name =3D get_profile_name(def)) =3D=3D NULL) return -1; =20 - if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: \'%1$s\' model c= onfigured for domain, but hypervisor driver is \'%2$s\'."), - secdef->model, SECURITY_APPARMOR_NAME); - if (use_apparmor() > 0) - return -1; - } - VIR_DEBUG("Changing AppArmor profile to %s", profile_name); if (aa_change_profile(profile_name) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -557,14 +549,6 @@ AppArmorSetSecurityChildProcessLabel(virSecurityManage= r *mgr G_GNUC_UNUSED, if (!secdef || !secdef->label) return 0; =20 - if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("security label driver mismatch: \'%1$s\' model c= onfigured for domain, but hypervisor driver is \'%2$s\'."), - secdef->model, SECURITY_APPARMOR_NAME); - if (use_apparmor() > 0) - return -1; - } - if ((profile_name =3D get_profile_name(def)) =3D=3D NULL) return -1; =20 --=20 2.49.1 From nobody Mon Sep 8 17:02:20 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1753279341; cv=none; d=zohomail.com; s=zohoarc; b=h0/K4qHXaeLqtsmlGlGMv/C+0kg5FlL0/NwnUIUZ5TWe5walHmkmHMrcBat+/lfp74Mu76HmoS1arN9dzu6u7aJFI5TSxckQ56Jzes4DyL2NRIESCihydwL5A6Gf6LpdSd84+jIcwL3rwNW00+VEzzszWbl6M6lJ1niektiyPZ4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753279341; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=FE95c5dZWX2XZ3tCkf2OoaCkiPAfZX+jutvPjkVMPgM=; b=lU+31YF0Zu+ETppDQJ5wlnmmbeh3j7WRTNVp1NOYSK2dBv5djHIubtlCvLuZFQFU9snM5PXSUBgQ0qbiEmrSC2ZBkX9M7tmQJ0zpF+sSgTU+4hJ+LMGugvsSbdFpSItuxV4sxU+aasjEgKcMK+YK7AWramwrQ0bnw3joSJlJiOM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1753279341503489.908770330166; Wed, 23 Jul 2025 07:02:21 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 787E6136B; Wed, 23 Jul 2025 10:02:20 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id C375F12C2; Wed, 23 Jul 2025 10:00:35 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id CEB1912C0; Wed, 23 Jul 2025 10:00:29 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 4F658136C for ; Wed, 23 Jul 2025 10:00:21 -0400 (EDT) Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-251-SbImZUWEP1-7fwwCORIqRQ-1; Wed, 23 Jul 2025 10:00:18 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 48849180028E for ; Wed, 23 Jul 2025 14:00:17 +0000 (UTC) Received: from localhost.localdomain (unknown [10.43.3.236]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 8BAC019560AF for ; Wed, 23 Jul 2025 14:00:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753279221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=v6Q87XXUx0ZILYff9TIjTyxh5AY2oc9b2K8mC5dpXmw=; b=RO7+SwkgxO8MLHUb9kxKDK7qno2kz6s5PP1D220hsbzZXLudWMLj2ucPq+Jrvu9KJiOXL5 lLEko0iGqR+MPwezxxX3ZZYU1Mka5bdcoUa/Zk6w0V0hlI8XQQgV0goxgskcLJKOO7EzX4 9dzFa+HRsM1nht/jKR1CJRKz40UNCss= X-MC-Unique: SbImZUWEP1-7fwwCORIqRQ-1 X-Mimecast-MFC-AGG-ID: SbImZUWEP1-7fwwCORIqRQ_1753279217 To: devel@lists.libvirt.org Subject: [PATCH 5/5] security_dac: Drop needles typecast in virSecurityDACGenLabel() Date: Wed, 23 Jul 2025 16:00:08 +0200 Message-ID: <9656cf0d275ffd272b3a84544a36ac2911face46.1753279190.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: tRYaSOb6R3f2Biuw83fP94Sm1xddj9A8E1xDpIYMadE_1753279217 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 57FKFFBH7SZPGH3BI62OWMRN3OCIJZPX X-Message-ID-Hash: 57FKFFBH7SZPGH3BI62OWMRN3OCIJZPX X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1753279344098116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik Inside of virSecurityDACGenLabel() there's a switch() statement and the variable it uses is typecasted to virDomainSeclabelType. Well, as of v7.10.0-rc1~26 the variable is already of that type rendering the typecast needless. Drop it. Signed-off-by: Michal Privoznik Reviewed-by: J=C3=A1n Tomko --- src/security/security_dac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 8fb26168ca..98a64bd0ce 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2404,7 +2404,7 @@ virSecurityDACGenLabel(virSecurityManager *mgr, return rc; } =20 - switch ((virDomainSeclabelType)seclabel->type) { + switch (seclabel->type) { case VIR_DOMAIN_SECLABEL_STATIC: if (seclabel->label =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, --=20 2.49.1