This function can be called with a virDomainDevicePtr and whether or
not the removal was successful, and it will call the appropriate
virDomainAudit*() function with the appropriate args for whatever type
of device it's given (or do nothing, if that's appropriate). This
permits generalizing some code that currently has a separate copy for
each type of device.
NB: Although the function initially will be called only with
success=false, that has been made an argument so that in the future
(when the qemuDomainRemove*Device() functions have had their common
functionality consolidated into qemuDomainRemoveDevice()), this new
common code can call qemuDomainRemoveAuditDevice() for all types.
Signed-off-by: Laine Stump <laine(a)laine.org>
---
change from V1:
* only audit device types that were previously audited on *failure* to
remove (this preserves previous behavior). Auditing of other device
types is now added in new patch 11/14.
* use ATTRIBUTE_UNUSED instead of "inline" to prevent compile error
due to the new function not yet being used.
src/qemu/qemu_hotplug.c | 55 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index de30b08dd1..92d4e7d0f9 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -5208,6 +5208,61 @@ qemuDomainRemoveRedirdevDevice(virQEMUDriverPtr driver,
}
+static void ATTRIBUTE_UNUSED
+qemuDomainRemoveAuditDevice(virDomainObjPtr vm,
+ virDomainDeviceDefPtr detach,
+ bool success)
+{
+ switch ((virDomainDeviceType)detach->type) {
+ case VIR_DOMAIN_DEVICE_DISK:
+ virDomainAuditDisk(vm, detach->data.disk->src, NULL, "detach",
success);
+ break;
+ case VIR_DOMAIN_DEVICE_NET:
+ virDomainAuditNet(vm,
detach->data.net, NULL, "detach", success);
+ break;
+ case VIR_DOMAIN_DEVICE_HOSTDEV:
+ virDomainAuditHostdev(vm, detach->data.hostdev, "detach",
success);
+ break;
+
+ case VIR_DOMAIN_DEVICE_INPUT:
+ case VIR_DOMAIN_DEVICE_CHR:
+ case VIR_DOMAIN_DEVICE_RNG:
+ case VIR_DOMAIN_DEVICE_MEMORY:
+ case VIR_DOMAIN_DEVICE_SHMEM:
+ case VIR_DOMAIN_DEVICE_REDIRDEV:
+ /*
+ * These devices are supposed to be audited, but current code
+ * doesn't audit on failure to remove the device.
+ */
+ break;
+
+
+ case VIR_DOMAIN_DEVICE_LEASE:
+ case VIR_DOMAIN_DEVICE_CONTROLLER:
+ case VIR_DOMAIN_DEVICE_WATCHDOG:
+ case VIR_DOMAIN_DEVICE_VSOCK:
+ /* These devices don't have associated audit logs */
+ break;
+
+ case VIR_DOMAIN_DEVICE_FS:
+ case VIR_DOMAIN_DEVICE_SOUND:
+ case VIR_DOMAIN_DEVICE_VIDEO:
+ case VIR_DOMAIN_DEVICE_GRAPHICS:
+ case VIR_DOMAIN_DEVICE_HUB:
+ case VIR_DOMAIN_DEVICE_SMARTCARD:
+ case VIR_DOMAIN_DEVICE_MEMBALLOON:
+ case VIR_DOMAIN_DEVICE_NVRAM:
+ case VIR_DOMAIN_DEVICE_NONE:
+ case VIR_DOMAIN_DEVICE_TPM:
+ case VIR_DOMAIN_DEVICE_PANIC:
+ case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_LAST:
+ /* these will never happen, these devices can't be unplugged */
This is actually misleading. The guest can ask for removal of a PCI
device. It's a bug in libvirt that the backend removal functions along
with deleting of the definition is not implemented.
I'd just state that they currently don't have detach handlers
implemented.
ACK regardless as this requires more fixing out of the scope.