Remove bogus virSecurityManagerSetProcessFDLabel method

The virSecurityManagerSetProcessFDLabel method was introduced
after a mis-understanding from a conversation about SELinux
socket labelling. The virSecurityManagerSetSocketLabel method
should have been used for all such scenarios.

* src/security/security_apparmor.c, src/security/security_apparmor.c,
  src/security/security_driver.h, src/security/security_manager.c,
  src/security/security_manager.h, src/security/security_selinux.c,
  src/security/security_stack.c: Remove SetProcessFDLabel driver

src/security/security_apparmor.c

@@ -799,34 +799,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
     return reload_profile(mgr, vm, fd_path, true);
 }
 
-static int
-AppArmorSetProcessFDLabel(virSecurityManagerPtr mgr,
-                          virDomainObjPtr vm,
-                          int fd)
-{
-    int rc = -1;
-    char *proc = NULL;
-    char *fd_path = NULL;
-
-    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-
-    if (secdef->imagelabel == NULL)
-        return 0;
-
-    if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
-        virReportOOMError();
-        return rc;
-    }
-
-    if (virFileResolveLink(proc, &fd_path) < 0) {
-        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
-                               "%s", _("could not find path for descriptor"));
-        return rc;
-    }
-
-    return reload_profile(mgr, vm, fd_path, true);
-}
-
 virSecurityDriver virAppArmorSecurityDriver = {
     0,
     SECURITY_APPARMOR_NAME,
@@ -863,5 +835,4 @@ virSecurityDriver virAppArmorSecurityDriver = {
     AppArmorRestoreSavedStateLabel,
 
     AppArmorSetImageFDLabel,
-    AppArmorSetProcessFDLabel,
 };

src/security/security_dac.c

@@ -697,14 +697,6 @@ virSecurityDACSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return 0;
 }
 
-static int
-virSecurityDACSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                                virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                                int fd ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
 
 virSecurityDriver virSecurityDriverDAC = {
     sizeof(virSecurityDACData),
@@ -743,5 +735,4 @@ virSecurityDriver virSecurityDriverDAC = {
     virSecurityDACRestoreSavedStateLabel,
 
     virSecurityDACSetImageFDLabel,
-    virSecurityDACSetProcessFDLabel,
 };

src/security/security_driver.h

@@ -84,9 +84,6 @@ typedef int (*virSecurityDomainSecurityVerify) (virSecurityManagerPtr mgr,
 typedef int (*virSecurityDomainSetImageFDLabel) (virSecurityManagerPtr mgr,
                                                  virDomainObjPtr vm,
                                                  int fd);
-typedef int (*virSecurityDomainSetProcessFDLabel) (virSecurityManagerPtr mgr,
-                                                   virDomainObjPtr vm,
-                                                   int fd);
 
 struct _virSecurityDriver {
     size_t privateDataLen;
@@ -124,7 +121,6 @@ struct _virSecurityDriver {
     virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
 
     virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
-    virSecurityDomainSetProcessFDLabel domainSetSecurityProcessFDLabel;
 };
 
 virSecurityDriverPtr virSecurityDriverLookup(const char *name);

src/security/security_manager.c

@@ -346,14 +346,3 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
     virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
     return -1;
 }
-
-int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
-                                        virDomainObjPtr vm,
-                                        int fd)
-{
-    if (mgr->drv->domainSetSecurityProcessFDLabel)
-        return mgr->drv->domainSetSecurityProcessFDLabel(mgr, vm, fd);
-
-    virSecurityReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
-    return -1;
-}

src/security/security_manager.h

@@ -96,8 +96,5 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
 int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
                                       virDomainObjPtr vm,
                                       int fd);
-int virSecurityManagerSetProcessFDLabel(virSecurityManagerPtr mgr,
-                                        virDomainObjPtr vm,
-                                        int fd);
 
 #endif /* VIR_SECURITY_MANAGER_H__ */

src/security/security_selinux.c

@@ -1321,19 +1321,6 @@ SELinuxSetImageFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
     return SELinuxFSetFilecon(fd, secdef->imagelabel);
 }
 
-static int
-SELinuxSetProcessFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                         virDomainObjPtr vm,
-                         int fd)
-{
-    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-
-    if (secdef->label == NULL)
-        return 0;
-
-    return SELinuxFSetFilecon(fd, secdef->label);
-}
-
 virSecurityDriver virSecurityDriverSELinux = {
     0,
     SECURITY_SELINUX_NAME,
@@ -1370,5 +1357,4 @@ virSecurityDriver virSecurityDriverSELinux = {
     SELinuxRestoreSavedStateLabel,
 
     SELinuxSetImageFDLabel,
-    SELinuxSetProcessFDLabel,
 };

src/security/security_stack.c

@@ -402,23 +402,6 @@ virSecurityStackSetImageFDLabel(virSecurityManagerPtr mgr,
 }
 
 
-static int
-virSecurityStackSetProcessFDLabel(virSecurityManagerPtr mgr,
-                                  virDomainObjPtr vm,
-                                  int fd)
-{
-    virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr);
-    int rc = 0;
-
-    if (virSecurityManagerSetProcessFDLabel(priv->secondary, vm, fd) < 0)
-        rc = -1;
-    if (virSecurityManagerSetProcessFDLabel(priv->primary, vm, fd) < 0)
-        rc = -1;
-
-    return rc;
-}
-
-
 virSecurityDriver virSecurityDriverStack = {
     sizeof(virSecurityStackData),
     "stack",
@@ -455,5 +438,4 @@ virSecurityDriver virSecurityDriverStack = {
     virSecurityStackRestoreSavedStateLabel,
 
     virSecurityStackSetImageFDLabel,
-    virSecurityStackSetProcessFDLabel,
 };