[libvirt] [PATCH] audit: properly encode device path in cgroup audit
Laine Stump
laine at laine.org
Fri Apr 19 18:02:06 UTC 2013
On 04/19/2013 01:36 PM, Eric Blake wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=922186
>
> Commit d04916fa introduced a regression in audit quality - even
> though the code was computing the proper escaped name for a
> path, it wasn't feeding that escaped name on to the audit message.
> As a result, /var/log/audit/audit.log would mention a field
> path=/dev/hpet instead of the intended path="/dev/hpet", which
> in turn caused ausearch to format the audit log as path=(null).
>
> * src/conf/domain_audit.c (virDomainAuditCgroupPath): Use
> constructed encoding.
>
> Signed-off-by: Eric Blake <eblake at redhat.com>
> ---
>
> A rather embarrassing bug of mine, especially since it took
> two years to find that such a trivial fix was needed.
>
> src/conf/domain_audit.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
> index 85d97b4..6d0ae48 100644
> --- a/src/conf/domain_audit.c
> +++ b/src/conf/domain_audit.c
> @@ -1,7 +1,7 @@
> /*
> * domain_audit.c: Domain audit management
> *
> - * Copyright (C) 2006-2012 Red Hat, Inc.
> + * Copyright (C) 2006-2013 Red Hat, Inc.
> * Copyright (C) 2006 Daniel P. Berrange
> *
> * This library is free software; you can redistribute it and/or
> @@ -682,8 +682,8 @@ virDomainAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
> rdev = virDomainAuditGetRdev(path);
>
> if (!(detail = virAuditEncode("path", path)) ||
> - virAsprintf(&extra, "path path=%s rdev=%s acl=%s",
> - path, VIR_AUDIT_STR(rdev), perms) < 0) {
> + virAsprintf(&extra, "path %s rdev=%s acl=%s",
> + detail, VIR_AUDIT_STR(rdev), perms) < 0) {
> VIR_WARN("OOM while encoding audit message");
> goto cleanup;
> }
ACK.
More information about the libvir-list
mailing list