render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
e6dfe8
From d25881180ef0b8b11bb5a51317cb49a194e37a76 Mon Sep 17 00:00:00 2001
e6dfe8
Message-Id: <d25881180ef0b8b11bb5a51317cb49a194e37a76@dist-git>
e6dfe8
From: Eduardo Habkost <ehabkost@redhat.com>
e6dfe8
Date: Mon, 9 Apr 2018 15:46:47 +0200
e6dfe8
Subject: [PATCH] qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath()
e6dfe8
 calls
e6dfe8
MIME-Version: 1.0
e6dfe8
Content-Type: text/plain; charset=UTF-8
e6dfe8
Content-Transfer-Encoding: 8bit
e6dfe8
e6dfe8
https://bugzilla.redhat.com/show_bug.cgi?id=1564996
e6dfe8
e6dfe8
All calls to virDomainAuditCgroupPath() were passing 'rc == 0' as
e6dfe8
argument, when it was supposed to pass the 'rc' value directly.
e6dfe8
e6dfe8
As a consequence, the audit events that were supposed to be
e6dfe8
logged (actual cgroup changes) were never being logged, and bogus
e6dfe8
audit events were logged when using regular files as disk image.
e6dfe8
e6dfe8
Fix all calls to use the return value of
e6dfe8
virCgroup{Allow,Deny}Device*() directly as the 'rc' argument.
e6dfe8
e6dfe8
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
e6dfe8
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
e6dfe8
(cherry picked from commit 9a22251bbe6a4ff8dab90da53a1c0df82d8d29fc)
e6dfe8
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
e6dfe8
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
e6dfe8
Reviewed-by: Ján Tomko <jtomko@redhat.com>
e6dfe8
---
e6dfe8
 src/qemu/qemu_cgroup.c | 28 ++++++++++++++--------------
e6dfe8
 1 file changed, 14 insertions(+), 14 deletions(-)
e6dfe8
e6dfe8
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
e6dfe8
index 41e27c21e2..b604edb31c 100644
e6dfe8
--- a/src/qemu/qemu_cgroup.c
e6dfe8
+++ b/src/qemu/qemu_cgroup.c
e6dfe8
@@ -75,7 +75,7 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm,
e6dfe8
 
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
e6dfe8
                              virCgroupGetDevicePermsString(perms),
e6dfe8
-                             ret == 0);
e6dfe8
+                             ret);
e6dfe8
 
e6dfe8
     return ret;
e6dfe8
 }
e6dfe8
@@ -129,7 +129,7 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
e6dfe8
     ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
e6dfe8
 
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup, "deny", src->path,
e6dfe8
-                             virCgroupGetDevicePermsString(perms), ret == 0);
e6dfe8
+                             virCgroupGetDevicePermsString(perms), ret);
e6dfe8
 
e6dfe8
     return ret;
e6dfe8
 }
e6dfe8
@@ -187,7 +187,7 @@ qemuSetupChrSourceCgroup(virDomainObjPtr vm,
e6dfe8
     ret = virCgroupAllowDevicePath(priv->cgroup, source->data.file.path,
e6dfe8
                                    VIR_CGROUP_DEVICE_RW, false);
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
e6dfe8
-                             source->data.file.path, "rw", ret == 0);
e6dfe8
+                             source->data.file.path, "rw", ret);
e6dfe8
 
e6dfe8
     return ret;
e6dfe8
 }
e6dfe8
@@ -211,7 +211,7 @@ qemuTeardownChrSourceCgroup(virDomainObjPtr vm,
e6dfe8
     ret = virCgroupDenyDevicePath(priv->cgroup, source->data.file.path,
e6dfe8
                                   VIR_CGROUP_DEVICE_RW, false);
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
e6dfe8
-                             source->data.file.path, "rw", ret == 0);
e6dfe8
+                             source->data.file.path, "rw", ret);
e6dfe8
 
e6dfe8
     return ret;
e6dfe8
 }
e6dfe8
@@ -261,7 +261,7 @@ qemuSetupInputCgroup(virDomainObjPtr vm,
e6dfe8
         VIR_DEBUG("Process path '%s' for input device", dev->source.evdev);
e6dfe8
         ret = virCgroupAllowDevicePath(priv->cgroup, dev->source.evdev,
e6dfe8
                                        VIR_CGROUP_DEVICE_RW, false);
e6dfe8
-        virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.evdev, "rw", ret == 0);
e6dfe8
+        virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.evdev, "rw", ret);
e6dfe8
         break;
e6dfe8
     }
e6dfe8
 
e6dfe8
@@ -284,7 +284,7 @@ qemuTeardownInputCgroup(virDomainObjPtr vm,
e6dfe8
         VIR_DEBUG("Process path '%s' for input device", dev->source.evdev);
e6dfe8
         ret = virCgroupDenyDevicePath(priv->cgroup, dev->source.evdev,
e6dfe8
                                       VIR_CGROUP_DEVICE_RWM, false);
e6dfe8
-        virDomainAuditCgroupPath(vm, priv->cgroup, "deny", dev->source.evdev, "rwm", ret == 0);
e6dfe8
+        virDomainAuditCgroupPath(vm, priv->cgroup, "deny", dev->source.evdev, "rwm", ret);
e6dfe8
         break;
e6dfe8
     }
e6dfe8
 
e6dfe8
@@ -313,7 +313,7 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm,
e6dfe8
         rv = virCgroupAllowDevicePath(priv->cgroup, path[i], perms[i], false);
e6dfe8
         virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path[i],
e6dfe8
                                  virCgroupGetDevicePermsString(perms[i]),
e6dfe8
-                                 ret == 0);
e6dfe8
+                                 rv);
e6dfe8
         if (rv < 0)
e6dfe8
             goto cleanup;
e6dfe8
     }
e6dfe8
@@ -357,7 +357,7 @@ qemuTeardownHostdevCgroup(virDomainObjPtr vm,
e6dfe8
         rv = virCgroupDenyDevicePath(priv->cgroup, path[i],
e6dfe8
                                      VIR_CGROUP_DEVICE_RWM, false);
e6dfe8
         virDomainAuditCgroupPath(vm, priv->cgroup,
e6dfe8
-                                 "deny", path[i], "rwm", rv == 0);
e6dfe8
+                                 "deny", path[i], "rwm", rv);
e6dfe8
         if (rv < 0)
e6dfe8
             goto cleanup;
e6dfe8
     }
e6dfe8
@@ -388,7 +388,7 @@ qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
e6dfe8
     rv = virCgroupAllowDevicePath(priv->cgroup, mem->nvdimmPath,
e6dfe8
                                   VIR_CGROUP_DEVICE_RW, false);
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
e6dfe8
-                             mem->nvdimmPath, "rw", rv == 0);
e6dfe8
+                             mem->nvdimmPath, "rw", rv);
e6dfe8
 
e6dfe8
     return rv;
e6dfe8
 }
e6dfe8
@@ -410,7 +410,7 @@ qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
e6dfe8
     rv = virCgroupDenyDevicePath(priv->cgroup, mem->nvdimmPath,
e6dfe8
                                  VIR_CGROUP_DEVICE_RWM, false);
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup,
e6dfe8
-                             "deny", mem->nvdimmPath, "rwm", rv == 0);
e6dfe8
+                             "deny", mem->nvdimmPath, "rwm", rv);
e6dfe8
     return rv;
e6dfe8
 }
e6dfe8
 
e6dfe8
@@ -434,7 +434,7 @@ qemuSetupGraphicsCgroup(virDomainObjPtr vm,
e6dfe8
     ret = virCgroupAllowDevicePath(priv->cgroup, rendernode,
e6dfe8
                                    VIR_CGROUP_DEVICE_RW, false);
e6dfe8
     virDomainAuditCgroupPath(vm, priv->cgroup, "allow", rendernode,
e6dfe8
-                             "rw", ret == 0);
e6dfe8
+                             "rw", ret);
e6dfe8
     return ret;
e6dfe8
 }
e6dfe8
 
e6dfe8
@@ -573,7 +573,7 @@ qemuSetupRNGCgroup(virDomainObjPtr vm,
e6dfe8
                                       VIR_CGROUP_DEVICE_RW, false);
e6dfe8
         virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
e6dfe8
                                  rng->source.file,
e6dfe8
-                                 "rw", rv == 0);
e6dfe8
+                                 "rw", rv);
e6dfe8
         if (rv < 0 &&
e6dfe8
             !virLastErrorIsSystemErrno(ENOENT))
e6dfe8
             return -1;
e6dfe8
@@ -600,7 +600,7 @@ qemuTeardownRNGCgroup(virDomainObjPtr vm,
e6dfe8
                                      VIR_CGROUP_DEVICE_RW, false);
e6dfe8
         virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
e6dfe8
                                  rng->source.file,
e6dfe8
-                                 "rw", rv == 0);
e6dfe8
+                                 "rw", rv);
e6dfe8
         if (rv < 0 &&
e6dfe8
             !virLastErrorIsSystemErrno(ENOENT))
e6dfe8
             return -1;
e6dfe8
@@ -693,7 +693,7 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm)
e6dfe8
 
e6dfe8
         rv = virCgroupAllowDevicePath(priv->cgroup, deviceACL[i],
e6dfe8
                                       VIR_CGROUP_DEVICE_RW, false);
e6dfe8
-        virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rv == 0);
e6dfe8
+        virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rv);
e6dfe8
         if (rv < 0 &&
e6dfe8
             !virLastErrorIsSystemErrno(ENOENT))
e6dfe8
             goto cleanup;
e6dfe8
-- 
e6dfe8
2.17.0
e6dfe8