External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 07:59:00 +00:00
Code

audit: disk: Refactor disk auditing to avoid auditing remote storage

Browse Source 
Pass the virStorageSource struct to the auditing function and check if
storage is local before auditing.
This commit is contained in:
Peter Krempa 2014-07-03 10:28:12 +02:00
parent 45c81cbb45
commit 6d602f116c
5 changed files with 31 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/conf/domain_audit.c
View File

@ -156,10 +156,21 @@ virDomainAuditGenericDev(virDomainObjPtr vm,
void void
virDomainAuditDisk(virDomainObjPtr vm, virDomainAuditDisk(virDomainObjPtr vm,
const char *oldDef, const char *newDef, virStorageSourcePtr oldDef,
const char *reason, bool success) virStorageSourcePtr newDef,
const char *reason,
bool success)
{ {
virDomainAuditGenericDev(vm, "disk", oldDef, newDef, reason, success); const char *oldsrc = NULL;
const char *newsrc = NULL;
if (oldDef && virStorageSourceIsLocalStorage(oldDef))
oldsrc = oldDef->path;
if (newDef && virStorageSourceIsLocalStorage(newDef))
newsrc = newDef->path;
virDomainAuditGenericDev(vm, "disk", oldsrc, newsrc, reason, success);
} }
@ -738,12 +749,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
{ {
size_t i; size_t i;
for (i = 0; i < vm->def->ndisks; i++) { for (i = 0; i < vm->def->ndisks; i++)
const char *src = virDomainDiskGetSource(vm->def->disks[i]); virDomainAuditDisk(vm, NULL, vm->def->disks[i]->src, "start", true);
if (src) /* Skips CDROM without media initially inserted */
virDomainAuditDisk(vm, NULL, src, "start", true);
}
for (i = 0; i < vm->def->nfss; i++) { for (i = 0; i < vm->def->nfss; i++) {
virDomainFSDefPtr fs = vm->def->fss[i]; virDomainFSDefPtr fs = vm->def->fss[i];

4
src/conf/domain_audit.h
View File

@ -39,8 +39,8 @@ void virDomainAuditStop(virDomainObjPtr vm,
const char *reason) const char *reason)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
void virDomainAuditDisk(virDomainObjPtr vm, void virDomainAuditDisk(virDomainObjPtr vm,
const char *oldDef, virStorageSourcePtr oldDef,
const char *newDef, virStorageSourcePtr newDef,
const char *reason, const char *reason,
bool success) bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);

6
src/lxc/lxc_driver.c
View File

@ -4099,7 +4099,7 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
cleanup: cleanup:
if (src) if (src)
virDomainAuditDisk(vm, NULL, src, "attach", ret == 0); virDomainAuditDisk(vm, NULL, def->src, "attach", ret == 0);
VIR_FREE(file); VIR_FREE(file);
return ret; return ret;
} }
@ -4587,10 +4587,10 @@ lxcDomainDetachDeviceDiskLive(virDomainObjPtr vm,
} }
if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) { if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) {
virDomainAuditDisk(vm, src, NULL, "detach", false); virDomainAuditDisk(vm, def->src, NULL, "detach", false);
goto cleanup; goto cleanup;
} }
virDomainAuditDisk(vm, src, NULL, "detach", true); virDomainAuditDisk(vm, def->src, NULL, "detach", true);
if (virCgroupDenyDevicePath(priv->cgroup, src, VIR_CGROUP_DEVICE_RWM) != 0) if (virCgroupDenyDevicePath(priv->cgroup, src, VIR_CGROUP_DEVICE_RWM) != 0)
VIR_WARN("cannot deny device %s for domain %s", VIR_WARN("cannot deny device %s for domain %s",

4
src/qemu/qemu_driver.c
View File

@ -12947,7 +12947,7 @@ qemuDomainSnapshotCreateSingleDiskActive(virQEMUDriverPtr driver,
} }
} }
virDomainAuditDisk(vm, disk->src->path, source, "snapshot", ret >= 0); virDomainAuditDisk(vm, disk->src, snap->src, "snapshot", ret >= 0);
if (ret < 0) if (ret < 0)
goto cleanup; goto cleanup;
@ -15378,7 +15378,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
qemuDomainObjEnterMonitor(driver, vm); qemuDomainObjEnterMonitor(driver, vm);
ret = qemuMonitorDriveMirror(priv->mon, device, dest, format, bandwidth, ret = qemuMonitorDriveMirror(priv->mon, device, dest, format, bandwidth,
flags); flags);
virDomainAuditDisk(vm, NULL, dest, "mirror", ret >= 0); virDomainAuditDisk(vm, NULL, mirror, "mirror", ret >= 0);
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
if (ret < 0) { if (ret < 0) {
qemuDomainPrepareDiskChainElementPath(driver, vm, disk, dest, qemuDomainPrepareDiskChainElementPath(driver, vm, disk, dest,

21
src/qemu/qemu_hotplug.c
View File

@ -154,9 +154,7 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver,
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
} }
audit: audit:
if (src) virDomainAuditDisk(vm, origdisk->src, disk->src, "update", ret >= 0);
virDomainAuditDisk(vm, virDomainDiskGetSource(origdisk),
src, "update", ret >= 0);
if (ret < 0) if (ret < 0)
goto error; goto error;
@ -330,7 +328,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
} }
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
virDomainAuditDisk(vm, NULL, src, "attach", ret >= 0); virDomainAuditDisk(vm, NULL, disk->src, "attach", ret >= 0);
if (ret < 0) if (ret < 0)
goto error; goto error;
@ -583,7 +581,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
} }
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
virDomainAuditDisk(vm, NULL, src, "attach", ret >= 0); virDomainAuditDisk(vm, NULL, disk->src, "attach", ret >= 0);
if (ret < 0) if (ret < 0)
goto error; goto error;
@ -677,7 +675,7 @@ qemuDomainAttachUSBMassstorageDevice(virConnectPtr conn,
} }
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
virDomainAuditDisk(vm, NULL, src, "attach", ret >= 0); virDomainAuditDisk(vm, NULL, disk->src, "attach", ret >= 0);
if (ret < 0) if (ret < 0)
goto error; goto error;
@ -2487,7 +2485,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
VIR_FREE(drivestr); VIR_FREE(drivestr);
virDomainAuditDisk(vm, src, NULL, "detach", true); virDomainAuditDisk(vm, disk->src, NULL, "detach", true);
event = virDomainEventDeviceRemovedNewFromObj(vm, disk->info.alias); event = virDomainEventDeviceRemovedNewFromObj(vm, disk->info.alias);
if (event) if (event)
@ -2940,16 +2938,14 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver,
if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) { if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
virDomainAuditDisk(vm, virDomainDiskGetSource(detach), virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
NULL, "detach", false);
goto cleanup; goto cleanup;
} }
} else { } else {
if (qemuMonitorRemovePCIDevice(priv->mon, if (qemuMonitorRemovePCIDevice(priv->mon,
&detach->info.addr.pci) < 0) { &detach->info.addr.pci) < 0) {
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
virDomainAuditDisk(vm, virDomainDiskGetSource(detach), virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
NULL, "detach", false);
goto cleanup; goto cleanup;
} }
} }
@ -2994,8 +2990,7 @@ qemuDomainDetachDiskDevice(virQEMUDriverPtr driver,
qemuDomainObjEnterMonitor(driver, vm); qemuDomainObjEnterMonitor(driver, vm);
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);
virDomainAuditDisk(vm, virDomainDiskGetSource(detach), virDomainAuditDisk(vm, detach->src, NULL, "detach", false);
NULL, "detach", false);
goto cleanup; goto cleanup;
} }
qemuDomainObjExitMonitor(driver, vm); qemuDomainObjExitMonitor(driver, vm);