[libvirt] [PATCH] audit: properly encode device path in cgroup audit
Eric Blake
eblake at redhat.com
Fri Apr 19 17:36:57 UTC 2013
https://bugzilla.redhat.com/show_bug.cgi?id=922186
Commit d04916fa introduced a regression in audit quality - even
though the code was computing the proper escaped name for a
path, it wasn't feeding that escaped name on to the audit message.
As a result, /var/log/audit/audit.log would mention a field
path=/dev/hpet instead of the intended path="/dev/hpet", which
in turn caused ausearch to format the audit log as path=(null).
* src/conf/domain_audit.c (virDomainAuditCgroupPath): Use
constructed encoding.
Signed-off-by: Eric Blake <eblake at redhat.com>
---
A rather embarrassing bug of mine, especially since it took
two years to find that such a trivial fix was needed.
src/conf/domain_audit.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 85d97b4..6d0ae48 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -1,7 +1,7 @@
/*
* domain_audit.c: Domain audit management
*
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2013 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -682,8 +682,8 @@ virDomainAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
rdev = virDomainAuditGetRdev(path);
if (!(detail = virAuditEncode("path", path)) ||
- virAsprintf(&extra, "path path=%s rdev=%s acl=%s",
- path, VIR_AUDIT_STR(rdev), perms) < 0) {
+ virAsprintf(&extra, "path %s rdev=%s acl=%s",
+ detail, VIR_AUDIT_STR(rdev), perms) < 0) {
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
--
1.8.1.4
More information about the libvir-list
mailing list