On 12/28/2017 06:41 PM, Eduardo Habkost wrote:
> All calls to virDomainAuditCgroupPath() were passing 'rc == 0' as
> argument, when it was supposed to pass the 'rc' value directly.
>
> As a consequence, the audit events that were supposed to be
> logged (actual cgroup changes) were never being logged, and bogus
> audit events were logged when using regular files as disk image.
>
> Fix all calls to use the return value of
> virCgroup{Allow,Deny}Device*() directly as the 'rc' argument.
>
> Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
> ---
> src/qemu/qemu_cgroup.c | 28 ++++++++++++++--------------
> 1 file changed, 14 insertions(+), 14 deletions(-)
>
> diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
> index 19252ea23..1f8fd870c 100644
> --- a/src/qemu/qemu_cgroup.c
> +++ b/src/qemu/qemu_cgroup.c
> @@ -313,7 +313,7 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm,
> rv = virCgroupAllowDevicePath(priv->cgroup, path[i], perms[i], false);
> virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path[i],
> virCgroupGetDevicePermsString(perms[i]),
> - ret == 0);
> + ret);
Almost. s/ret/rv/. I wonder how this could have ever worked.
Fixed that small nit, ACKed and pushed. Thanks!
Michal
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
