Re: [libvirt] [PATCHv2 2/8] audit: split cgroup audit types to allow more information

Device names can be manipulated, so it is better to also log the major/minor device number corresponding to the cgroup ACL changes that libvirt made. This required some refactoring of the relatively new qemu cgroup audit code. Also, qemuSetupChardevCgroup was only auditing on failure, not success.

+/* Return rdev=nn:mm in hex for block and character devices, rdev=? + * for other file types or stat failure, or NULL on allocation + * failure. */ +#if defined major && defined minor +static char * +qemuAuditGetRdev(const char *path) +{ + char *ret; + struct stat sb; + + if (stat(path, &sb) == 0 && + (S_ISCHR(sb.st_mode) || S_ISBLK(sb.st_mode))) { + int maj = major(sb.st_rdev); + int min = minor(sb.st_rdev); + virAsprintf(&ret, "rdev=%02X:%02X", maj, min); + } else { + ret = strdup("rdev=?"); + } + return ret; +} +#else +static char * +qemuAuditGetRdev(const char *path ATTRIBUTE_UNUSED) +{ + return strdup("rdev=?"); +} +#endif

+void +qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup, + const char *reason, const char *path, int rc) +{ + char *detail; + char *rdev; + char *extra; + + /* Nothing to audit for regular files. */ + if (rc > 0) + return; + + if (!(detail = virAuditEncode("path", path)) || + !(rdev = qemuAuditGetRdev(path)) || + virAsprintf(&extra, "path path=%s %s", path, rdev) < 0) {