From 6d602f116c825548f0cc1b003fc7209c678530e3 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Thu, 3 Jul 2014 10:28:12 +0200 Subject: [PATCH] audit: disk: Refactor disk auditing to avoid auditing remote storage Pass the virStorageSource struct to the auditing function and check if storage is local before auditing. --- src/conf/domain_audit.c | 25 ++++++++++++++++--------- src/conf/domain_audit.h | 4 ++-- src/lxc/lxc_driver.c | 6 +++--- src/qemu/qemu_driver.c | 4 ++-- src/qemu/qemu_hotplug.c | 21 ++++++++------------- 5 files changed, 31 insertions(+), 29 deletions(-) diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 2326791bb4..6e11f39146 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -156,10 +156,21 @@ virDomainAuditGenericDev(virDomainObjPtr vm, void virDomainAuditDisk(virDomainObjPtr vm, - const char *oldDef, const char *newDef, - const char *reason, bool success) + virStorageSourcePtr oldDef, + virStorageSourcePtr newDef, + const char *reason, + bool success) { - virDomainAuditGenericDev(vm, "disk", oldDef, newDef, reason, success); + const char *oldsrc = NULL; + const char *newsrc = NULL; + + if (oldDef && virStorageSourceIsLocalStorage(oldDef)) + oldsrc = oldDef->path; + + if (newDef && virStorageSourceIsLocalStorage(newDef)) + newsrc = newDef->path; + + virDomainAuditGenericDev(vm, "disk", oldsrc, newsrc, reason, success); } @@ -738,12 +749,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) { size_t i; - for (i = 0; i < vm->def->ndisks; i++) { - const char *src = virDomainDiskGetSource(vm->def->disks[i]); - - if (src) /* Skips CDROM without media initially inserted */ - virDomainAuditDisk(vm, NULL, src, "start", true); - } + for (i = 0; i < vm->def->ndisks; i++) + virDomainAuditDisk(vm, NULL, vm->def->disks[i]->src, "start", true); for (i = 0; i < vm->def->nfss; i++) { virDomainFSDefPtr fs = vm->def->fss[i]; 
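Review bot: In `virDomainAuditDisk` a source that fails `virStorageSourceIsLocalStorage()` is not skipped; it is forwarded to `virDomainAuditGenericDev` as a NULL path, so the event is still recorded but no longer identifies which storage was involved. That differs from the commit subject ("avoid auditing remote storage") and leaves disk records for network-backed sources without a resource identifier, which matters to anyone reconstructing guest storage access from the audit trail. How `virDomainAuditGenericDev` renders a NULL path is outside this hunk, so please confirm the result is still a well-formed record. At minimum document the contract above the function, e.g. `/* oldDef/newDef may be NULL; only local sources are reported by path, remote sources are recorded without one */`.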
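Review bot: The disk loop in `virDomainAuditStart` drops the old `if (src)` guard, so a drive with no media (the removed comment names CDROMs without media) now produces a "start" disk record with no source instead of being skipped. If that extra record is not wanted, keep the skip with the accessor the old code used, `if (virDomainDiskGetSource(vm->def->disks[i]))`, before the call. The `audit:` label in `qemuDomainChangeEjectableMedia` loses the same guard, so an update with no new media now emits an "update" record as well. If both changes are intended, the commit message should say so, because they alter what audit consumers see. The function body continues outside the hunk.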
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h index 70b09e5aa9..58d25a494c 100644 --- a/src/conf/domain_audit.h +++ b/src/conf/domain_audit.h @@ -39,8 +39,8 @@ void virDomainAuditStop(virDomainObjPtr vm, const char *reason) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); void virDomainAuditDisk(virDomainObjPtr vm, - const char *oldDef, - const char *newDef, + virStorageSourcePtr oldDef, + virStorageSourcePtr newDef, const char *reason, bool success) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 79c3b4a4b1..fce16f2d04 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -4099,7 +4099,7 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver, cleanup: if (src) - virDomainAuditDisk(vm, NULL, src, "attach", ret == 0); + virDomainAuditDisk(vm, NULL, def->src, "attach", ret == 0); VIR_FREE(file); return ret; } @@ -4587,10 +4587,10 @@ lxcDomainDetachDeviceDiskLive(virDomainObjPtr vm, } if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) { - virDomainAuditDisk(vm, src, NULL, "detach", false); + virDomainAuditDisk(vm, def->src, NULL, "detach", false); goto cleanup; } - virDomainAuditDisk(vm, src, NULL, "detach", true); + virDomainAuditDisk(vm, def->src, NULL, "detach", true); if (virCgroupDenyDevicePath(priv->cgroup, src, VIR_CGROUP_DEVICE_RWM) != 0) VIR_WARN("cannot deny device %s for domain %s", diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 112a9bf0cc..fcb318808d 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -12947,7 +12947,7 @@ qemuDomainSnapshotCreateSingleDiskActive(virQEMUDriverPtr driver, } } - virDomainAuditDisk(vm, disk->src->path, source, "snapshot", ret >= 0); + virDomainAuditDisk(vm, disk->src, snap->src, "snapshot", ret >= 0); if (ret < 0) goto cleanup; 
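Review bot: At the `cleanup:` label of `lxcDomainAttachDeviceDiskLive` the guard still tests the string `src` while the call now passes `def->src`, so the condition and the audited object are no longer the same thing. Since `virDomainAuditDisk` now accepts NULL and filters the source itself, either drop the guard or test what is passed, `if (def->src)`. As written, a failure that reaches `cleanup` before `src` is assigned presumably leaves no "attach" failure record. Where `src` and `def` are set is outside the hunk, so confirm `def` is valid on every path that reaches the label.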
@@ -15378,7 +15378,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm, qemuDomainObjEnterMonitor(driver, vm); ret = qemuMonitorDriveMirror(priv->mon, device, dest, format, bandwidth, flags); - virDomainAuditDisk(vm, NULL, dest, "mirror", ret >= 0); + virDomainAuditDisk(vm, NULL, mirror, "mirror", ret >= 0); qemuDomainObjExitMonitor(driver, vm); if (ret < 0) { qemuDomainPrepareDiskChainElementPath(driver, vm, disk, dest, diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 3060dbcad1..b6033df065 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -154,9 +154,7 @@ int qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, qemuDomainObjExitMonitor(driver, vm); } audit: - if (src) - virDomainAuditDisk(vm, virDomainDiskGetSource(origdisk), - src, "update", ret >= 0); + virDomainAuditDisk(vm, origdisk->src, disk->src, "update", ret >= 0); if (ret < 0) goto error; @@ -330,7 +328,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, } qemuDomainObjExitMonitor(driver, vm); - virDomainAuditDisk(vm, NULL, src, "attach", ret >= 0); + virDomainAuditDisk(vm, NULL, disk->src, "attach", ret >= 0); if (ret < 0) goto error; @@ -583,7 +581,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, } qemuDomainObjExitMonitor(driver, vm); - virDomainAuditDisk(vm, NULL, src, "attach", ret >= 0); + virDomainAuditDisk(vm, NULL, disk->src, "attach", ret >= 0); if (ret < 0) goto error; @@ -677,7 +675,7 @@ qemuDomainAttachUSBMassstorageDevice(virConnectPtr conn, } qemuDomainObjExitMonitor(driver, vm); - virDomainAuditDisk(vm, NULL, src, "attach", ret >= 0); + virDomainAuditDisk(vm, NULL, disk->src, "attach", ret >= 0); if (ret < 0) goto error; @@ -2487,7 +2485,7 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver, qemuDomainObjExitMonitor(driver, vm); VIR_FREE(drivestr); - virDomainAuditDisk(vm, src, NULL, "detach", true); + virDomainAuditDisk(vm, disk->src, NULL, "detach", true); event = virDomainEventDeviceRemovedNewFromObj(vm, disk->info.alias); if (event) 
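Review bot: In `qemuDomainBlockCopy` the audit record now takes the destination from `mirror`, while the `qemuMonitorDriveMirror` call directly above still sends `dest`, so the record is accurate only if `mirror->path` matches `dest` and `mirror` already carries a local storage type at this point. `mirror` is populated outside the hunk; if its type is unset or its path differs, the "mirror" event would be logged without the destination or with a different one than the monitor was given. A short comment at the call stating that invariant would help, e.g. `/* mirror->path == dest here; mirror->type must be set so the path is audited */`.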
@@ -2940,16 +2938,14 @@ qemuDomainDetachVirtioDiskDevice(virQEMUDriverPtr driver, if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) { if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { qemuDomainObjExitMonitor(driver, vm); - virDomainAuditDisk(vm, virDomainDiskGetSource(detach), - NULL, "detach", false); + virDomainAuditDisk(vm, detach->src, NULL, "detach", false); goto cleanup; } } else { if (qemuMonitorRemovePCIDevice(priv->mon, &detach->info.addr.pci) < 0) { qemuDomainObjExitMonitor(driver, vm); - virDomainAuditDisk(vm, virDomainDiskGetSource(detach), - NULL, "detach", false); + virDomainAuditDisk(vm, detach->src, NULL, "detach", false); goto cleanup; } } @@ -2994,8 +2990,7 @@ qemuDomainDetachDiskDevice(virQEMUDriverPtr driver, qemuDomainObjEnterMonitor(driver, vm); if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { qemuDomainObjExitMonitor(driver, vm); - virDomainAuditDisk(vm, virDomainDiskGetSource(detach), - NULL, "detach", false); + virDomainAuditDisk(vm, detach->src, NULL, "detach", false); goto cleanup; } qemuDomainObjExitMonitor(driver, vm);