[libvirt] [PATCH 2/7] Remove audit hooks from the selinux security driver code

Daniel P. Berrange berrange at redhat.com
Wed Oct 27 11:36:12 UTC 2010


This reverts commit b8e2de8899594edcd78b3a7cb1b39b89bbed2891.
The hooks will be re-added in the QEMU driver itself.

* src/security/security_selinux.c: Remove audit hooks
---
 src/security/security_selinux.c |   22 ++++------------------
 1 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 0995d67..a9dd836 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -28,8 +28,6 @@
 #include "pci.h"
 #include "hostusb.h"
 #include "storage_file.h"
-#include "uuid.h"
-#include "virtaudit.h"
 
 #define VIR_FROM_THIS VIR_FROM_SECURITY
 
@@ -162,22 +160,20 @@ SELinuxGenSecurityLabel(virSecurityDriverPtr drv ATTRIBUTE_UNUSED,
                         virDomainObjPtr vm)
 {
     int rc = -1;
-    char mcs[1024], uuidstr[VIR_UUID_STRING_BUFLEN];
+    char mcs[1024];
     char *scontext = NULL;
     int c1 = 0;
     int c2 = 0;
 
-    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC) {
-        rc = 0;
-        goto done;
-    }
+    if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_STATIC)
+        return 0;
 
     if (vm->def->seclabel.label ||
         vm->def->seclabel.model ||
         vm->def->seclabel.imagelabel) {
         virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
                                "%s", _("security label already defined for VM"));
-        goto done;
+        return rc;
     }
 
     do {
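Review bot: The two early exits at the top of SELinuxGenSecurityLabel now leave through `return`, while the rest of the function (its body continues outside this hunk) still unwinds through `err:`/`done:`, so any cleanup or reporting later placed under `done:` will be skipped on these paths. Before this change both exits reached the VIR_AUDIT call at `done:`, so a static-label success and the "security label already defined for VM" failure each produced a MACHINE_ID record. The hooks that the description says will be re-added in the QEMU driver are not visible here and should be checked to cover both outcomes, otherwise those label decisions leave no audit trail. As a smaller point, `return rc;` in the error branch depends on `rc` still holding its initial value; `return -1;` states the intent directly.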
@@ -221,16 +217,6 @@ err:
     VIR_FREE(vm->def->seclabel.model);
 done:
     VIR_FREE(scontext);
-
-    virUUIDFormat(vm->def->uuid, uuidstr);
-    /* The derived socket context is not audited. */
-#define STR(X) ((X) != NULL ? (X) : "?")
-    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, rc == 0,
-              "name=%s uuid=%s process-context=%s image-context=%s",
-              vm->def->name, uuidstr, STR(vm->def->seclabel.label),
-              STR(vm->def->seclabel.imagelabel));
-#undef STR
-
     return rc;
 }
 
-- 
1.7.2.3



