From 81b0c20527e6822d57a42cde61331ddca99789ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 17 Jun 2020 11:59:19 +0100 Subject: [PATCH] lxc: drop compat code for capability constants MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Given our supported platform matrix, we can safely assume that all the capability constants we need are defined by the system headers. Reviewed-by: Pavel Hrdina Signed-off-by: Daniel P. Berrangé --- src/lxc/lxc_container.c | 114 ---------------------------------------- 1 file changed, 114 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 36dee51168..c22b7b0709 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1697,120 +1697,6 @@ static int lxcContainerResolveAllSymlinks(virDomainDefPtr vmDef) */ #if WITH_CAPNG -/* Define capabilities to -1 if those aren't defined in the kernel: - * this will help us ignore them. */ -# ifndef CAP_AUDIT_CONTROL -# define CAP_AUDIT_CONTROL -1 -# endif -# ifndef CAP_AUDIT_WRITE -# define CAP_AUDIT_WRITE -1 -# endif -# ifndef CAP_BLOCK_SUSPEND -# define CAP_BLOCK_SUSPEND -1 -# endif -# ifndef CAP_CHOWN -# define CAP_CHOWN -1 -# endif -# ifndef CAP_DAC_OVERRIDE -# define CAP_DAC_OVERRIDE -1 -# endif -# ifndef CAP_DAC_READ_SEARCH -# define CAP_DAC_READ_SEARCH -1 -# endif -# ifndef CAP_FOWNER -# define CAP_FOWNER -1 -# endif -# ifndef CAP_FSETID -# define CAP_FSETID -1 -# endif -# ifndef CAP_IPC_LOCK -# define CAP_IPC_LOCK -1 -# endif -# ifndef CAP_IPC_OWNER -# define CAP_IPC_OWNER -1 -# endif -# ifndef CAP_KILL -# define CAP_KILL -1 -# endif -# ifndef CAP_LEASE -# define CAP_LEASE -1 -# endif -# ifndef CAP_LINUX_IMMUTABLE -# define CAP_LINUX_IMMUTABLE -1 -# endif -# ifndef CAP_MAC_ADMIN -# define CAP_MAC_ADMIN -1 -# endif -# ifndef CAP_MAC_OVERRIDE -# define CAP_MAC_OVERRIDE -1 -# endif -# ifndef CAP_MKNOD -# define CAP_MKNOD -1 -# endif -# ifndef CAP_NET_ADMIN -# define CAP_NET_ADMIN -1 -# endif -# ifndef CAP_NET_BIND_SERVICE -# define CAP_NET_BIND_SERVICE -1 -# endif -# ifndef CAP_NET_BROADCAST -# define CAP_NET_BROADCAST -1 -# endif -# ifndef CAP_NET_RAW -# define CAP_NET_RAW -1 -# endif -# ifndef CAP_SETGID -# define CAP_SETGID -1 -# endif -# ifndef CAP_SETFCAP -# define CAP_SETFCAP -1 -# endif -# ifndef CAP_SETPCAP -# define CAP_SETPCAP -1 -# endif -# ifndef CAP_SETUID -# define CAP_SETUID -1 -# endif -# ifndef CAP_SYS_ADMIN -# define CAP_SYS_ADMIN -1 -# endif -# ifndef CAP_SYS_BOOT -# define CAP_SYS_BOOT -1 -# endif -# ifndef CAP_SYS_CHROOT -# define CAP_SYS_CHROOT -1 -# endif -# ifndef CAP_SYS_MODULE -# define CAP_SYS_MODULE -1 -# endif -# ifndef CAP_SYS_NICE -# define CAP_SYS_NICE -1 -# endif -# ifndef CAP_SYS_PACCT -# define CAP_SYS_PACCT -1 -# endif -# ifndef CAP_SYS_PTRACE -# define CAP_SYS_PTRACE -1 -# endif -# ifndef CAP_SYS_RAWIO -# define CAP_SYS_RAWIO -1 -# endif -# ifndef CAP_SYS_RESOURCE -# define CAP_SYS_RESOURCE -1 -# endif -# ifndef CAP_SYS_TIME -# define CAP_SYS_TIME -1 -# endif -# ifndef CAP_SYS_TTY_CONFIG -# define CAP_SYS_TTY_CONFIG -1 -# endif -# ifndef CAP_SYSLOG -# define CAP_SYSLOG -1 -# endif -# ifndef CAP_WAKE_ALARM -# define CAP_WAKE_ALARM -1 -# endif - static int lxcContainerDropCapabilities(virDomainDefPtr def, bool keepReboot) {