On 3/26/19 8:52 AM, Peter Krempa wrote:
On Mon, Mar 25, 2019 at 13:24:33 -0400, Laine Stump wrote:Although all hotpluggable devices other than lease, controller, watchdof, and vsock can be audited, and *are* audited when an unplug is successful, only disk, net, and hostdev were actually being audited on failure. This patch corrects that omission. Signed-off-by: Laine Stump <laine@xxxxxxxxx> --- NEW PATCH in V2 - previously a part of patch 10/14 src/qemu/qemu_hotplug.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 92d4e7d0f9..e9d6c8622b 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -5223,19 +5223,28 @@ qemuDomainRemoveAuditDevice(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_HOSTDEV: virDomainAuditHostdev(vm, detach->data.hostdev, "detach", success); break; - case VIR_DOMAIN_DEVICE_INPUT: + virDomainAuditInput(vm, detach->data.input, "detach", success); + break; case VIR_DOMAIN_DEVICE_CHR: + virDomainAuditChardev(vm, detach->data.chr, NULL, "detach", success); + break; case VIR_DOMAIN_DEVICE_RNG: - case VIR_DOMAIN_DEVICE_MEMORY: + virDomainAuditRNG(vm, detach->data.rng, NULL, "detach", success); + break; + case VIR_DOMAIN_DEVICE_MEMORY: { + unsigned long long oldmem = virDomainDefGetMemoryTotal(vm->def); + unsigned long long newmem = oldmem - detach->data.memory->size; + + virDomainAuditMemory(vm, oldmem, newmem, "update", success);This probably should also say "detach" as the rest does.
...except that all the other memory audits always say "update" rather than "detach" or "attach". Maybe the author decided to look at "memory" as a single entity that could get larger or smaller, rather than a collection of several different distinct
ACK
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
