Re: [libvirt] [PATCH] audit: Audit information about shmem devices
On Mon, Sep 12, 2016 at 02:16:34PM +0200, Michal Privoznik wrote:
On 07.09.2016 15:37, Martin Kletzander wrote:
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1218603
>
> Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
> ---
> docs/auditlog.html.in | 19 +++++++++++++++++++
> src/conf/domain_audit.c | 43 +++++++++++++++++++++++++++++++++++++++++++
> src/conf/domain_audit.h | 4 ++++
> src/libvirt_private.syms | 1 +
> 4 files changed, 67 insertions(+)
>
> diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
> index 012d0680a87b..7348948feb7a 100644
> --- a/docs/auditlog.html.in
> +++ b/docs/auditlog.html.in
> @@ -352,5 +352,24 @@
> <dd>The name of the cgroup controller</dd>
> </dl>
>
> +
> + <h4><a
name="typeresourceshmem">console/serial/parallel/channel</a></h4>
Copy-paste error. I guess you want a different name here than
"console/..." ;-)
Oh, yeah, thanks
[...]
> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
> index 53a58ac4c88c..cf9c03dee749 100644
> --- a/src/conf/domain_audit.c
> +++ b/src/conf/domain_audit.c
> @@ -963,3 +966,43 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
>
> VIR_FREE(vmname);
> }
> +
> +void
> +virDomainAuditShmem(virDomainObjPtr vm,
> + virDomainShmemDefPtr def,
> + const char *reason, bool success)
> +{
> + char uuidstr[VIR_UUID_STRING_BUFLEN];
> + char *vmname = virAuditEncode("vm", vm->def->name);
> + const char *srcpath = virDomainAuditChardevPath(&def->server.chr);
> + char *src = virAuditEncode("server", VIR_AUDIT_STR(srcpath));
> + char *shmem = virAuditEncode("shmem", VIR_AUDIT_STR(def->name));
> + const char *virt = virDomainVirtTypeToString(vm->def->virtType);
> + char *size = NULL;
> +
> + ignore_value(virAsprintfQuiet(&size, "%llu", def->size));
> + virUUIDFormat(vm->def->uuid, uuidstr);
> + if (!vmname || !src || !size || !shmem || !size)
> + goto no_memory;
I prefer to not have labels which are used from just one place.
Therefore I'd move the VIR_WARN() here and jump right onto cleanup label.
And if I wanted to be very picky, I'd say lose the ignore_value() and
check for virAsprintfQuiet() retval here too, but I am not, therefore I
won't mention it O:-)
So much for not mentioning that =)
I pushed it with the following diff squashed in:
diff --git i/docs/auditlog.html.in w/docs/auditlog.html.in
index 7348948feb7a..0c778aafeb0e 100644
--- i/docs/auditlog.html.in
+++ w/docs/auditlog.html.in
@@ -353,7 +353,7 @@
</dl>
- <h4><a
name="typeresourceshmem">console/serial/parallel/channel</a></h4>
+ <h4><a name="typeresourceshmem">Shared
memory</a></h4>
<p>
The <code>msg</code> field will include the following sub-fields
</p>
diff --git i/src/conf/domain_audit.c w/src/conf/domain_audit.c
index 828c7c7c97f8..fd20ace14cc8 100644
--- i/src/conf/domain_audit.c
+++ w/src/conf/domain_audit.c
@@ -981,10 +981,13 @@ virDomainAuditShmem(virDomainObjPtr vm,
const char *virt = virDomainVirtTypeToString(vm->def->virtType);
char *size = NULL;
- ignore_value(virAsprintfQuiet(&size, "%llu", def->size));
virUUIDFormat(vm->def->uuid, uuidstr);
- if (!vmname || !src || !size || !shmem || !size)
- goto no_memory;
+
+ if (!vmname || !src || !size || !shmem ||
+ virAsprintfQuiet(&size, "%llu", def->size) < 0) {
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+ }
if (!virt) {
VIR_WARN("Unexpected virt type %d while encoding audit message",
@@ -1002,8 +1005,4 @@ virDomainAuditShmem(virDomainObjPtr vm,
VIR_FREE(size);
VIR_FREE(shmem);
return;
-
- no_memory:
- VIR_WARN("OOM while encoding audit message");
- goto cleanup;
}
--
Thanks,
Martin
Attachments:
- signature.asc (application/pgp-signature — 801 bytes)