[PATCH 1/7] Remove all auditing hooks from libvirtd dispatch code


 



Revert most of commit a8b5f9bd27d65c2ced064b9267ca31dee7ad9c86.
The audit hooks will be re-added directly in the QEMU driver code
in a future commit.

* daemon/remote.c: Remove all audit logging hooks
* src/qemu/qemu_driver.c: Remove all audit logging hooks
---
 daemon/remote.c        |  134 ++++--------------------------------------------
 src/qemu/qemu_driver.c |    7 ---
 2 files changed, 10 insertions(+), 131 deletions(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index 50ccb3b..886d53d 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -59,7 +59,6 @@
 #include "stream.h"
 #include "uuid.h"
 #include "network.h"
-#include "virtaudit.h"
 #include "libvirt/libvirt-qemu.h"
 
 #define VIR_FROM_THIS VIR_FROM_REMOTE
@@ -1216,8 +1215,6 @@ remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
                             void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -1225,18 +1222,11 @@ remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainCreate(dom);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=start name=%s uuid=%s", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainCreate (dom) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
     }
-
     virDomainFree(dom);
     return 0;
 }
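Review bot: After this hunk remoteDispatchDomainCreate emits no audit record, and nothing at the call site says where one is now expected to come from; the commit message only promises QEMU-driver hooks in a future commit. The dispatcher sits in front of every driver the daemon serves, so driver-local hooks would presumably leave start/stop through non-QEMU drivers unaudited, which is worth stating in the commit message. I would add a comment above the call such as `/* no audit record here: auditing op=start is the hypervisor driver's job */`. The same holds for the other dispatch hunks in daemon/remote.c (Destroy, Save, Restore, Resume, Suspend, ManagedSave, CoreDump and the Migrate* handlers), and the qemuHandleMonitorEOF hunk drops the only visible record for a guest that stops on its own. The function signature begins outside the hunk.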
@@ -1251,8 +1241,6 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server *server ATTRIBUTE_UNUSE
                                      remote_domain_create_with_flags_ret *ret)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -1260,15 +1248,7 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server *server ATTRIBUTE_UNUSE
         return -1;
     }
 
-    r = virDomainCreateWithFlags(dom, args->flags);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=%s name=%s uuid=%s",
-              (args->flags & VIR_DOMAIN_START_PAUSED) !=
-              0 ? "start-paused" : "start", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainCreateWithFlags (dom, args->flags) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
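Review bot: The added call is written `virDomainCreateWithFlags (dom, args->flags)` with a space before the parenthesis, while the next two lines use `virDomainFree(dom)` and `remoteDispatchConnError(rerr, conn)` without one. Since the line is being rewritten anyway, `if (virDomainCreateWithFlags(dom, args->flags) == -1) {` would match the calls inside the same if-body. The same mixed spacing appears on the added lines for virDomainCreate, virDomainDestroy, virDomainRestore, virDomainResume, virDomainSave, virDomainCoreDump, virDomainSuspend and virDomainManagedSave. The function body continues past the end of the hunk.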
@@ -1289,20 +1269,13 @@ remoteDispatchDomainCreateXml (struct qemud_server *server ATTRIBUTE_UNUSED,
                                remote_domain_create_xml_ret *ret)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
 
     dom = virDomainCreateXML (conn, args->xml_desc, args->flags);
     if (dom == NULL) {
-        VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0,
-                  "op=start name=? uuid=?");
         remoteDispatchConnError(rerr, conn);
         return -1;
     }
 
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, "op=start name=%s uuid=%s",
-              dom->name, uuidstr);
-
     make_nonnull_domain (&ret->dom, dom);
     virDomainFree(dom);
 
@@ -1342,8 +1315,6 @@ remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
                              void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -1351,13 +1322,7 @@ remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainDestroy(dom);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=stop name=%s uuid=%s", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainDestroy (dom) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
@@ -1842,8 +1807,6 @@ remoteDispatchDomainMigratePrepare (struct qemud_server *server ATTRIBUTE_UNUSED
     r = virDomainMigratePrepare (conn, &cookie, &cookielen,
                                  uri_in, uri_out,
                                  args->flags, dname, args->resource);
-    /* This creates a VM, but we don't audit it until the migration succeeds
-       and the VM actually starts. */
     if (r == -1) {
         VIR_FREE(uri_out);
         remoteDispatchConnError(rerr, conn);
@@ -1876,7 +1839,7 @@ remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED
 {
     int r;
     virDomainPtr dom;
-    char *dname, uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *dname;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -1891,11 +1854,6 @@ remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED
                                  args->cookie.cookie_len,
                                  args->uri,
                                  args->flags, dname, args->resource);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=migrate-out name=%s uuid=%s", dom->name, uuidstr);
-
     virDomainFree (dom);
     if (r == -1) {
         remoteDispatchConnError(rerr, conn);
@@ -1915,27 +1873,18 @@ remoteDispatchDomainMigrateFinish (struct qemud_server *server ATTRIBUTE_UNUSED,
                                    remote_domain_migrate_finish_ret *ret)
 {
     virDomainPtr ddom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
     CHECK_CONN (client);
 
-    /* Note that we are not able to audit "op=migrate-in" here if
-       VIR_DRV_FEATURE_MIGRATION_DIRECT is used. */
     ddom = virDomainMigrateFinish (conn, args->dname,
                                    args->cookie.cookie_val,
                                    args->cookie.cookie_len,
                                    args->uri,
                                    args->flags);
     if (ddom == NULL) {
-        VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0,
-                  "op=migrate-in name=%s uuid=?", args->dname);
         remoteDispatchConnError(rerr, conn);
         return -1;
     }
 
-    virUUIDFormat(ddom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1,
-              "op=migrate-in name=%s uuid=%s", ddom->name, uuidstr);
-
     make_nonnull_domain (&ret->ddom, ddom);
     virDomainFree (ddom);
     return 0;
@@ -1971,8 +1920,6 @@ remoteDispatchDomainMigratePrepare2 (struct qemud_server *server ATTRIBUTE_UNUSE
                                   uri_in, uri_out,
                                   args->flags, dname, args->resource,
                                   args->dom_xml);
-    /* This creates a VM, but we don't audit it until the migration succeeds
-       and the VM actually starts. */
     if (r == -1) {
         remoteDispatchConnError(rerr, conn);
         return -1;
@@ -1998,11 +1945,8 @@ remoteDispatchDomainMigrateFinish2 (struct qemud_server *server ATTRIBUTE_UNUSED
                                     remote_domain_migrate_finish2_ret *ret)
 {
     virDomainPtr ddom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
     CHECK_CONN (client);
 
-    /* Note that we are not able to audit "op=migrate-in" here if
-       VIR_DRV_FEATURE_MIGRATION_DIRECT is used. */
     ddom = virDomainMigrateFinish2 (conn, args->dname,
                                     args->cookie.cookie_val,
                                     args->cookie.cookie_len,
@@ -2010,16 +1954,10 @@ remoteDispatchDomainMigrateFinish2 (struct qemud_server *server ATTRIBUTE_UNUSED
                                     args->flags,
                                     args->retcode);
     if (ddom == NULL) {
-        VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0,
-                  "op=migrate-in name=%s uuid=?", args->dname);
         remoteDispatchConnError(rerr, conn);
         return -1;
     }
 
-    virUUIDFormat(ddom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1,
-              "op=migrate-in name=%s uuid=%s", ddom->name, uuidstr);
-
     make_nonnull_domain (&ret->ddom, ddom);
     virDomainFree (ddom);
 
@@ -2051,8 +1989,6 @@ remoteDispatchDomainMigratePrepareTunnel(struct qemud_server *server ATTRIBUTE_U
     r = virDomainMigratePrepareTunnel(conn, stream->st,
                                       args->flags, dname, args->resource,
                                       args->dom_xml);
-    /* This creates a VM, but we don't audit it until the migration succeeds
-       and the VM actually starts. */
     if (r == -1) {
         remoteFreeClientStream(client, stream);
         remoteDispatchConnError(rerr, conn);
@@ -2259,15 +2195,8 @@ remoteDispatchDomainRestore (struct qemud_server *server ATTRIBUTE_UNUSED,
                              remote_domain_restore_args *args,
                              void *ret ATTRIBUTE_UNUSED)
 {
-    int r;
-
-    r = virDomainRestore(conn, args->from);
 
-    /* We don't have enough information! */
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=start name=? uuid=? file=%s", args->from);
-
-    if (r == -1) {
+    if (virDomainRestore (conn, args->from) == -1) {
         remoteDispatchConnError(rerr, conn);
         return -1;
     }
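Review bot: With the `int r;` declaration gone, the body of remoteDispatchDomainRestore now opens with an empty line directly after `{`; that leftover blank line should be deleted together with the declaration. The removed hook carried the remark that name and uuid are not known at this layer, so the driver-side record for a restore should include them next to the file path rather than `?` placeholders.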
@@ -2285,8 +2214,6 @@ remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED,
                             void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -2294,13 +2221,7 @@ remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainResume(dom);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1,
-              "op=resume name=%s uuid=%s", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainResume (dom) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
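Review bot: The audit record that replaces the one dropped here needs to carry the real outcome of virDomainResume: the removed hook passed a literal `1`, so a failed resume was logged as a success. When the record is re-added in the driver it should use the `r != -1` form that the other removed hooks used. The remoteDispatchDomainSuspend hunk had the same unconditional `1`. The function body continues outside the hunk.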
@@ -2319,8 +2240,6 @@ remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED,
                           void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -2328,13 +2247,7 @@ remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainSave(dom, args->to);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=stop name=%s uuid=%s", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainSave (dom, args->to) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
@@ -2353,7 +2266,6 @@ remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED,
                               void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -2361,17 +2273,7 @@ remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainCoreDump(dom, args->to, args->flags);
-
-    if ((args->flags & VIR_DUMP_CRASH) != 0) {
-        char uuidstr[VIR_UUID_STRING_BUFLEN];
-
-        virUUIDFormat(dom->uuid, uuidstr);
-        VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-                  "op=stop name=%s uuid=%s", dom->name, uuidstr);
-    }
-
-    if (r == -1) {
+    if (virDomainCoreDump (dom, args->to, args->flags) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
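Review bot: The call site no longer shows that `VIR_DUMP_CRASH` turns this into a stop operation; the removed hook audited `op=stop` only when that flag was set, and that knowledge disappears with it. A comment above the call would keep it visible until the driver-side hook exists, for example `/* VIR_DUMP_CRASH also stops the guest; the driver must audit it as op=stop */`. The function body continues past the hunk.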
@@ -2756,8 +2658,6 @@ remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED,
                              void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -2765,13 +2665,7 @@ remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainSuspend(dom);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1,
-              "op=suspend name=%s uuid=%s", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainSuspend (dom) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
@@ -2883,8 +2777,6 @@ remoteDispatchDomainManagedSave (struct qemud_server *server ATTRIBUTE_UNUSED,
                                  void *ret ATTRIBUTE_UNUSED)
 {
     virDomainPtr dom;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
-    int r;
 
     dom = get_nonnull_domain (conn, args->dom);
     if (dom == NULL) {
@@ -2892,13 +2784,7 @@ remoteDispatchDomainManagedSave (struct qemud_server *server ATTRIBUTE_UNUSED,
         return -1;
     }
 
-    r = virDomainManagedSave(dom, args->flags);
-
-    virUUIDFormat(dom->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
-              "op=stop name=%s uuid=%s", dom->name, uuidstr);
-
-    if (r == -1) {
+    if (virDomainManagedSave (dom, args->flags) == -1) {
         virDomainFree(dom);
         remoteDispatchConnError(rerr, conn);
         return -1;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ae1d833..923c57d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -80,7 +80,6 @@
 #include "domain_nwfilter.h"
 #include "hooks.h"
 #include "storage_file.h"
-#include "virtaudit.h"
 
 
 #define VIR_FROM_THIS VIR_FROM_QEMU
@@ -909,15 +908,9 @@ qemuHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
                      int hasError) {
     struct qemud_driver *driver = qemu_driver;
     virDomainEventPtr event = NULL;
-    char uuidstr[VIR_UUID_STRING_BUFLEN];
 
     VIR_DEBUG("Received EOF on %p '%s'", vm, vm->def->name);
 
-    /* If the domain stops of its own will, we wouldn't audit it otherwise. */
-    virUUIDFormat(vm->def->uuid, uuidstr);
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1,
-              "op=stopped name=%s uuid=%s", vm->def->name, uuidstr);
-
     virDomainObjLock(vm);
 
     event = virDomainEventNewFromObj(vm,
-- 
1.7.2.3
