From: Eduardo Habkost To: libvir-list@redhat.com Date: Thu, 28 Dec 2017 15:41:28 -0200 Message-Id: <20171228174128.10958-1-ehabkost@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [PATCH] qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 28 Dec 2017 17:42:15 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" All calls to virDomainAuditCgroupPath() were passing 'rc =3D=3D 0' as argument, when it was supposed to pass the 'rc' value directly. As a consequence, the audit events that were supposed to be logged (actual cgroup changes) were never being logged, and bogus audit events were logged when using regular files as disk image. Fix all calls to use the return value of virCgroup{Allow,Deny}Device*() directly as the 'rc' argument. Signed-off-by: Eduardo Habkost --- src/qemu/qemu_cgroup.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 19252ea23..1f8fd870c 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -75,7 +75,7 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm, =20 virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path, virCgroupGetDevicePermsString(perms), - ret =3D=3D 0); + ret); =20 return ret; } 
@@ -129,7 +129,7 @@ qemuTeardownImageCgroup(virDomainObjPtr vm, ret =3D virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true); =20 virDomainAuditCgroupPath(vm, priv->cgroup, "deny", src->path, - virCgroupGetDevicePermsString(perms), ret =3D= =3D 0); + virCgroupGetDevicePermsString(perms), ret); =20 return ret; } @@ -187,7 +187,7 @@ qemuSetupChrSourceCgroup(virDomainObjPtr vm, ret =3D virCgroupAllowDevicePath(priv->cgroup, source->data.file.path, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", - source->data.file.path, "rw", ret =3D=3D 0); + source->data.file.path, "rw", ret); =20 return ret; } @@ -211,7 +211,7 @@ qemuTeardownChrSourceCgroup(virDomainObjPtr vm, ret =3D virCgroupDenyDevicePath(priv->cgroup, source->data.file.path, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "deny", - source->data.file.path, "rw", ret =3D=3D 0); + source->data.file.path, "rw", ret); =20 return ret; } @@ -261,7 +261,7 @@ qemuSetupInputCgroup(virDomainObjPtr vm, VIR_DEBUG("Process path '%s' for input device", dev->source.evdev); ret =3D virCgroupAllowDevicePath(priv->cgroup, dev->source.evdev, VIR_CGROUP_DEVICE_RW, false); - virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.ev= dev, "rw", ret =3D=3D 0); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.ev= dev, "rw", ret); break; } =20 @@ -284,7 +284,7 @@ qemuTeardownInputCgroup(virDomainObjPtr vm, VIR_DEBUG("Process path '%s' for input device", dev->source.evdev); ret =3D virCgroupDenyDevicePath(priv->cgroup, dev->source.evdev, VIR_CGROUP_DEVICE_RWM, false); - virDomainAuditCgroupPath(vm, priv->cgroup, "deny", dev->source.evd= ev, "rwm", ret =3D=3D 0); + virDomainAuditCgroupPath(vm, priv->cgroup, "deny", dev->source.evd= ev, "rwm", ret); break; } =20 
@@ -313,7 +313,7 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm, rv =3D virCgroupAllowDevicePath(priv->cgroup, path[i], perms[i], f= alse); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path[i], virCgroupGetDevicePermsString(perms[i]), - ret =3D=3D 0); + ret); if (rv < 0) goto cleanup; } @@ -357,7 +357,7 @@ qemuTeardownHostdevCgroup(virDomainObjPtr vm, rv =3D virCgroupDenyDevicePath(priv->cgroup, path[i], VIR_CGROUP_DEVICE_RWM, false); virDomainAuditCgroupPath(vm, priv->cgroup, - "deny", path[i], "rwm", rv =3D=3D 0); + "deny", path[i], "rwm", rv); if (rv < 0) goto cleanup; } @@ -388,7 +388,7 @@ qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm, rv =3D virCgroupAllowDevicePath(priv->cgroup, mem->nvdimmPath, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", - mem->nvdimmPath, "rw", rv =3D=3D 0); + mem->nvdimmPath, "rw", rv); =20 return rv; } @@ -410,7 +410,7 @@ qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm, rv =3D virCgroupDenyDevicePath(priv->cgroup, mem->nvdimmPath, VIR_CGROUP_DEVICE_RWM, false); virDomainAuditCgroupPath(vm, priv->cgroup, - "deny", mem->nvdimmPath, "rwm", rv =3D=3D 0); + "deny", mem->nvdimmPath, "rwm", rv); return rv; } =20 @@ -434,7 +434,7 @@ qemuSetupGraphicsCgroup(virDomainObjPtr vm, ret =3D virCgroupAllowDevicePath(priv->cgroup, rendernode, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", rendernode, - "rw", ret =3D=3D 0); + "rw", ret); return ret; } =20 @@ -573,7 +573,7 @@ qemuSetupRNGCgroup(virDomainObjPtr vm, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "allow", rng->source.file, - "rw", rv =3D=3D 0); + "rw", rv); if (rv < 0 && !virLastErrorIsSystemErrno(ENOENT)) return -1; @@ -600,7 +600,7 @@ qemuTeardownRNGCgroup(virDomainObjPtr vm, VIR_CGROUP_DEVICE_RW, false); virDomainAuditCgroupPath(vm, priv->cgroup, "deny", rng->source.file, - "rw", rv =3D=3D 0); + "rw", rv); if (rv < 0 && !virLastErrorIsSystemErrno(ENOENT)) return -1; 
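Review bot: In the qemuSetupHostdevCgroup hunk the audit call now passes `ret`, but the result of virCgroupAllowDevicePath() on the line above is stored in `rv`, and `rv` is what the following `if (rv < 0)` tests. The audit record for each host device path therefore reflects whatever `ret` holds at that point (its initialisation is outside the hunk, presumably the function's default return value) rather than the outcome of the allow operation, so the audit trail for device passthrough cannot be trusted. The last argument should be `rv`, matching the qemuTeardownHostdevCgroup hunk that follows: `virCgroupGetDevicePermsString(perms[i]), rv);`. The enclosing loop and function start and end outside the hunk.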
@@ -693,7 +693,7 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm) =20 rv =3D virCgroupAllowDevicePath(priv->cgroup, deviceACL[i], VIR_CGROUP_DEVICE_RW, false); - virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], = "rw", rv =3D=3D 0); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], = "rw", rv); if (rv < 0 && !virLastErrorIsSystemErrno(ENOENT)) goto cleanup; --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
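Review bot: In qemuSetupDevicesCgroup the raw `rv` now reaches virDomainAuditCgroupPath() before the `rv < 0 && !virLastErrorIsSystemErrno(ENOENT)` test, so a device node that is missing on the host is audited with a negative rc even though the function then carries on. Assuming a negative rc is recorded as a failed cgroup change, hosts that lack some `deviceACL` entries would emit a failure record on every domain start, which is noise for anyone alerting on failed device-cgroup events. The same ordering appears in the qemuSetupRNGCgroup and qemuTeardownRNGCgroup hunks. If this is intended, a comment above the audit call would document it, e.g. `/* ENOENT is tolerated below but is still audited as a failure */`. The loop body starts and ends outside the hunk.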