Re: [PATCH] audit: Audit information about shmem devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 12, 2016 at 02:16:34PM +0200, Michal Privoznik wrote:
On 07.09.2016 15:37, Martin Kletzander wrote:
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1218603

Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
---
 docs/auditlog.html.in    | 19 +++++++++++++++++++
 src/conf/domain_audit.c  | 43 +++++++++++++++++++++++++++++++++++++++++++
 src/conf/domain_audit.h  |  4 ++++
 src/libvirt_private.syms |  1 +
 4 files changed, 67 insertions(+)

diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 012d0680a87b..7348948feb7a 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -352,5 +352,24 @@
       <dd>The name of the cgroup controller</dd>
     </dl>

+
+    <h4><a name="typeresourceshmem">console/serial/parallel/channel</a></h4>

Copy-paste error. I guess you want a different name here than
"console/..." ;-)


Oh, yeah, thanks

[...]

diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 53a58ac4c88c..cf9c03dee749 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -963,3 +966,43 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)

     VIR_FREE(vmname);
 }
+
+void
+virDomainAuditShmem(virDomainObjPtr vm,
+                    virDomainShmemDefPtr def,
+                    const char *reason, bool success)
+{
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname = virAuditEncode("vm", vm->def->name);
+    const char *srcpath = virDomainAuditChardevPath(&def->server.chr);
+    char *src = virAuditEncode("server", VIR_AUDIT_STR(srcpath));
+    char *shmem = virAuditEncode("shmem", VIR_AUDIT_STR(def->name));
+    const char *virt = virDomainVirtTypeToString(vm->def->virtType);
+    char *size = NULL;
+
+    ignore_value(virAsprintfQuiet(&size, "%llu", def->size));
+    virUUIDFormat(vm->def->uuid, uuidstr);
+    if (!vmname || !src || !size || !shmem || !size)
+        goto no_memory;

I prefer to not have labels which are used from just one place.
Therefore I'd move the VIR_WARN() here and jump right onto cleanup label.
And if I wanted to be very picky, I'd say lose the ignore_value() and
check for virAsprintfQuiet() retval here too, but I am not, therefore I
won't mention it O:-)


So much for not mentioning that =)

I pushed it with the following diff squashed in:

diff --git i/docs/auditlog.html.in w/docs/auditlog.html.in
index 7348948feb7a..0c778aafeb0e 100644
--- i/docs/auditlog.html.in
+++ w/docs/auditlog.html.in
@@ -353,7 +353,7 @@
    </dl>


-    <h4><a name="typeresourceshmem">console/serial/parallel/channel</a></h4>
+    <h4><a name="typeresourceshmem">Shared memory</a></h4>
    <p>
      The <code>msg</code> field will include the following sub-fields
    </p>
diff --git i/src/conf/domain_audit.c w/src/conf/domain_audit.c
index 828c7c7c97f8..fd20ace14cc8 100644
--- i/src/conf/domain_audit.c
+++ w/src/conf/domain_audit.c
@@ -981,10 +981,13 @@ virDomainAuditShmem(virDomainObjPtr vm,
    const char *virt = virDomainVirtTypeToString(vm->def->virtType);
    char *size = NULL;

-    ignore_value(virAsprintfQuiet(&size, "%llu", def->size));
    virUUIDFormat(vm->def->uuid, uuidstr);
-    if (!vmname || !src || !size || !shmem || !size)
-        goto no_memory;
+
+    if (!vmname || !src || !size || !shmem ||
+        virAsprintfQuiet(&size, "%llu", def->size) < 0) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }

    if (!virt) {
        VIR_WARN("Unexpected virt type %d while encoding audit message",
@@ -1002,8 +1005,4 @@ virDomainAuditShmem(virDomainObjPtr vm,
    VIR_FREE(size);
    VIR_FREE(shmem);
    return;
-
- no_memory:
-    VIR_WARN("OOM while encoding audit message");
-    goto cleanup;
}
--

Thanks,
Martin

Attachment: signature.asc
Description: Digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]