Revert most of commit a8b5f9bd27d65c2ced064b9267ca31dee7ad9c86. The audit hooks will be re-added directly in the QEMU driver code in a future commit * daemon/remote.c: Remove all audit logging hooks * src/qemu/qemu_driver.c: Remove all audit logging hooks --- daemon/remote.c | 134 ++++-------------------------------------------- src/qemu/qemu_driver.c | 7 --- 2 files changed, 10 insertions(+), 131 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 50ccb3b..886d53d 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -59,7 +59,6 @@ #include "stream.h" #include "uuid.h" #include "network.h" -#include "virtaudit.h" #include "libvirt/libvirt-qemu.h" #define VIR_FROM_THIS VIR_FROM_REMOTE @@ -1216,8 +1215,6 @@ remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -1225,18 +1222,11 @@ remoteDispatchDomainCreate (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainCreate(dom); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=start name=%s uuid=%s", dom->name, uuidstr); - - if (r == -1) { + if (virDomainCreate (dom) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; } - virDomainFree(dom); return 0; } @@ -1251,8 +1241,6 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server *server ATTRIBUTE_UNUSE remote_domain_create_with_flags_ret *ret) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { 
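Review bot: After this change `remoteDispatchDomainCreate` (hunk `@@ -1225,18 +1222,11 @@`) returns on both its success and failure paths without emitting any machine-control audit record, and the commit message defers the replacement hooks to a future commit, so any build between the two commits records no start/stop/migrate events. The same gap applies to the CreateWithFlags, CreateXml, Destroy, MigratePerform, MigrateFinish, MigrateFinish2, Restore, Resume, Save, CoreDump, Suspend and ManagedSave handlers in the later hunks. These dispatch handlers are not QEMU-specific as far as the hunks show, so hooks that live only in the QEMU driver would presumably leave connections backed by other drivers unaudited; the commit message should say whether that is intended. I would land this revert in the same series as the driver-side hooks, or at minimum mark each call site with something like `/* TODO: no audit record here until the driver-side hooks land */`.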
@@ -1260,15 +1248,7 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server *server ATTRIBUTE_UNUSE return -1; } - r = virDomainCreateWithFlags(dom, args->flags); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=%s name=%s uuid=%s", - (args->flags & VIR_DOMAIN_START_PAUSED) != - 0 ? "start-paused" : "start", dom->name, uuidstr); - - if (r == -1) { + if (virDomainCreateWithFlags (dom, args->flags) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; @@ -1289,20 +1269,13 @@ remoteDispatchDomainCreateXml (struct qemud_server *server ATTRIBUTE_UNUSED, remote_domain_create_xml_ret *ret) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; dom = virDomainCreateXML (conn, args->xml_desc, args->flags); if (dom == NULL) { - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0, - "op=start name=? uuid=?"); remoteDispatchConnError(rerr, conn); return -1; } - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, "op=start name=%s uuid=%s", - dom->name, uuidstr); - make_nonnull_domain (&ret->dom, dom); virDomainFree(dom); @@ -1342,8 +1315,6 @@ remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -1351,13 +1322,7 @@ remoteDispatchDomainDestroy (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainDestroy(dom); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=stop name=%s uuid=%s", dom->name, uuidstr); - - if (r == -1) { + if (virDomainDestroy (dom) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; 
@@ -1842,8 +1807,6 @@ remoteDispatchDomainMigratePrepare (struct qemud_server *server ATTRIBUTE_UNUSED r = virDomainMigratePrepare (conn, &cookie, &cookielen, uri_in, uri_out, args->flags, dname, args->resource); - /* This creates a VM, but we don't audit it until the migration succeeds - and the VM actually starts. */ if (r == -1) { VIR_FREE(uri_out); remoteDispatchConnError(rerr, conn); @@ -1876,7 +1839,7 @@ remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED { int r; virDomainPtr dom; - char *dname, uuidstr[VIR_UUID_STRING_BUFLEN]; + char *dname; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -1891,11 +1854,6 @@ remoteDispatchDomainMigratePerform (struct qemud_server *server ATTRIBUTE_UNUSED args->cookie.cookie_len, args->uri, args->flags, dname, args->resource); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=migrate-out name=%s uuid=%s", dom->name, uuidstr); - virDomainFree (dom); if (r == -1) { remoteDispatchConnError(rerr, conn); @@ -1915,27 +1873,18 @@ remoteDispatchDomainMigrateFinish (struct qemud_server *server ATTRIBUTE_UNUSED, remote_domain_migrate_finish_ret *ret) { virDomainPtr ddom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; CHECK_CONN (client); - /* Note that we are not able to audit "op=migrate-in" here if - VIR_DRV_FEATURE_MIGRATION_DIRECT is used. */ ddom = virDomainMigrateFinish (conn, args->dname, args->cookie.cookie_val, args->cookie.cookie_len, args->uri, args->flags); if (ddom == NULL) { - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0, - "op=migrate-in name=%s uuid=?", args->dname); remoteDispatchConnError(rerr, conn); return -1; } - virUUIDFormat(ddom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, - "op=migrate-in name=%s uuid=%s", ddom->name, uuidstr); - make_nonnull_domain (&ret->ddom, ddom); virDomainFree (ddom); return 0; 
@@ -1971,8 +1920,6 @@ remoteDispatchDomainMigratePrepare2 (struct qemud_server *server ATTRIBUTE_UNUSE uri_in, uri_out, args->flags, dname, args->resource, args->dom_xml); - /* This creates a VM, but we don't audit it until the migration succeeds - and the VM actually starts. */ if (r == -1) { remoteDispatchConnError(rerr, conn); return -1; @@ -1998,11 +1945,8 @@ remoteDispatchDomainMigrateFinish2 (struct qemud_server *server ATTRIBUTE_UNUSED remote_domain_migrate_finish2_ret *ret) { virDomainPtr ddom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; CHECK_CONN (client); - /* Note that we are not able to audit "op=migrate-in" here if - VIR_DRV_FEATURE_MIGRATION_DIRECT is used. */ ddom = virDomainMigrateFinish2 (conn, args->dname, args->cookie.cookie_val, args->cookie.cookie_len, @@ -2010,16 +1954,10 @@ remoteDispatchDomainMigrateFinish2 (struct qemud_server *server ATTRIBUTE_UNUSED args->flags, args->retcode); if (ddom == NULL) { - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0, - "op=migrate-in name=%s uuid=?", args->dname); remoteDispatchConnError(rerr, conn); return -1; } - virUUIDFormat(ddom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, - "op=migrate-in name=%s uuid=%s", ddom->name, uuidstr); - make_nonnull_domain (&ret->ddom, ddom); virDomainFree (ddom); @@ -2051,8 +1989,6 @@ remoteDispatchDomainMigratePrepareTunnel(struct qemud_server *server ATTRIBUTE_U r = virDomainMigratePrepareTunnel(conn, stream->st, args->flags, dname, args->resource, args->dom_xml); - /* This creates a VM, but we don't audit it until the migration succeeds - and the VM actually starts. */ if (r == -1) { remoteFreeClientStream(client, stream); remoteDispatchConnError(rerr, conn); 
@@ -2259,15 +2195,8 @@ remoteDispatchDomainRestore (struct qemud_server *server ATTRIBUTE_UNUSED, remote_domain_restore_args *args, void *ret ATTRIBUTE_UNUSED) { - int r; - - r = virDomainRestore(conn, args->from); - /* We don't have enough information! */ - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=start name=? uuid=? file=%s", args->from); - - if (r == -1) { + if (virDomainRestore (conn, args->from) == -1) { remoteDispatchConnError(rerr, conn); return -1; } @@ -2285,8 +2214,6 @@ remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -2294,13 +2221,7 @@ remoteDispatchDomainResume (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainResume(dom); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, - "op=resume name=%s uuid=%s", dom->name, uuidstr); - - if (r == -1) { + if (virDomainResume (dom) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; @@ -2319,8 +2240,6 @@ remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -2328,13 +2247,7 @@ remoteDispatchDomainSave (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainSave(dom, args->to); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=stop name=%s uuid=%s", dom->name, uuidstr); - - if (r == -1) { + if (virDomainSave (dom, args->to) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; 
@@ -2353,7 +2266,6 @@ remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -2361,17 +2273,7 @@ remoteDispatchDomainCoreDump (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainCoreDump(dom, args->to, args->flags); - - if ((args->flags & VIR_DUMP_CRASH) != 0) { - char uuidstr[VIR_UUID_STRING_BUFLEN]; - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=stop name=%s uuid=%s", dom->name, uuidstr); - } - - if (r == -1) { + if (virDomainCoreDump (dom, args->to, args->flags) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; @@ -2756,8 +2658,6 @@ remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { @@ -2765,13 +2665,7 @@ remoteDispatchDomainSuspend (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainSuspend(dom); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, - "op=suspend name=%s uuid=%s", dom->name, uuidstr); - - if (r == -1) { + if (virDomainSuspend (dom) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; @@ -2883,8 +2777,6 @@ remoteDispatchDomainManagedSave (struct qemud_server *server ATTRIBUTE_UNUSED, void *ret ATTRIBUTE_UNUSED) { virDomainPtr dom; - char uuidstr[VIR_UUID_STRING_BUFLEN]; - int r; dom = get_nonnull_domain (conn, args->dom); if (dom == NULL) { 
@@ -2892,13 +2784,7 @@ remoteDispatchDomainManagedSave (struct qemud_server *server ATTRIBUTE_UNUSED, return -1; } - r = virDomainManagedSave(dom, args->flags); - - virUUIDFormat(dom->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1, - "op=stop name=%s uuid=%s", dom->name, uuidstr); - - if (r == -1) { + if (virDomainManagedSave (dom, args->flags) == -1) { virDomainFree(dom); remoteDispatchConnError(rerr, conn); return -1; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ae1d833..923c57d 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -80,7 +80,6 @@ #include "domain_nwfilter.h" #include "hooks.h" #include "storage_file.h" -#include "virtaudit.h" #define VIR_FROM_THIS VIR_FROM_QEMU @@ -909,15 +908,9 @@ qemuHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED, int hasError) { struct qemud_driver *driver = qemu_driver; virDomainEventPtr event = NULL; - char uuidstr[VIR_UUID_STRING_BUFLEN]; VIR_DEBUG("Received EOF on %p '%s'", vm, vm->def->name); - /* If the domain stops of its own will, we wouldn't audit it otherwise. */ - virUUIDFormat(vm->def->uuid, uuidstr); - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, - "op=stopped name=%s uuid=%s", vm->def->name, uuidstr); - virDomainObjLock(vm); event = virDomainEventNewFromObj(vm, -- 1.7.2.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
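Review bot: In `qemuHandleMonitorEOF` (hunk `@@ -909,15 +908,9 @@`) the remaining `VIR_DEBUG("Received EOF on %p '%s'", vm, vm->def->name);` still dereferences `vm->def` before `virDomainObjLock(vm);` is taken. Whether `vm->def` can be replaced concurrently is not visible from this hunk, but if it can, the debug line reads it unlocked; moving the `VIR_DEBUG` call to just after `virDomainObjLock(vm);` would settle it. Separately, the removed comment states that a guest stopping of its own will was audited only here, so the follow-up driver hooks need an `op=stopped` record on this path. The function body continues outside the hunk.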