mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-10 05:17:59 +03:00

audit: Audit information about shmem devices

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1218603

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Martin Kletzander 2016-08-11 11:40:18 +02:00
parent 92513bc23a
commit 94e2be8424
4 changed files with 66 additions and 0 deletions


@ -352,5 +352,24 @@
<dd>The name of the cgroup controller</dd> <dd>The name of the cgroup controller</dd>
</dl> </dl>
<h4><a name="typeresourceshmem">Shared memory</a></h4>
<p>
The <code>msg</code> field will include the following sub-fields
</p>
<dl>
<dt><code>resrc</code></dt>
<dd>The type of resource assigned. Set to <code>shmem</code></dd>
<dt><code>reason</code></dt>
<dd>The reason which caused the resource to be assigned to happen</dd>
<dt><code>size</code></dt>
<dd>The size of the shared memory region</dd>
<dt><code>shmem</code></dt>
<dd>Name of the shared memory region</dd>
<dt><code>source</code></dt>
<dd>Path of the backing character device for given emulated device</dd>
</dl>
</body> </body>
</html> </html>


@ -890,6 +890,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
if (vm->def->tpm) if (vm->def->tpm)
virDomainAuditTPM(vm, vm->def->tpm, "start", true); virDomainAuditTPM(vm, vm->def->tpm, "start", true);
for (i = 0; i < vm->def->nshmems; i++)
virDomainAuditShmem(vm, vm->def->shmems[i], "start", true);
virDomainAuditMemory(vm, 0, virDomainDefGetMemoryTotal(vm->def), virDomainAuditMemory(vm, 0, virDomainDefGetMemoryTotal(vm->def),
"start", true); "start", true);
virDomainAuditVcpu(vm, 0, virDomainDefGetVcpus(vm->def), "start", true); virDomainAuditVcpu(vm, 0, virDomainDefGetVcpus(vm->def), "start", true);
@ -964,3 +967,42 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
VIR_FREE(vmname); VIR_FREE(vmname);
} }
void
virDomainAuditShmem(virDomainObjPtr vm,
virDomainShmemDefPtr def,
const char *reason, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname = virAuditEncode("vm", vm->def->name);
const char *srcpath = virDomainAuditChardevPath(&def->server.chr);
char *src = virAuditEncode("server", VIR_AUDIT_STR(srcpath));
char *shmem = virAuditEncode("shmem", VIR_AUDIT_STR(def->name));
const char *virt = virDomainVirtTypeToString(vm->def->virtType);
char *size = NULL;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!vmname || !src || !size || !shmem ||
virAsprintfQuiet(&size, "%llu", def->size) < 0) {
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
if (!virt) {
VIR_WARN("Unexpected virt type %d while encoding audit message",
vm->def->virtType);
virt = "?";
}
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
"virt=%s resrc=shmem reason=%s %s uuid=%s size=%s %s %s",
virt, reason, vmname, uuidstr, size ?: "?", shmem, src);
cleanup:
VIR_FREE(vmname);
VIR_FREE(src);
VIR_FREE(size);
VIR_FREE(shmem);
return;
}
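Review bot: In virDomainAuditShmem the guard tests `!size` while `size` still holds its `NULL` initializer, so the condition is always true: the function logs "OOM while encoding audit message" and jumps to cleanup before VIR_AUDIT is reached. As written, no shmem resource record is ever emitted, which leaves a silent gap in the audit trail for every domain start. Drop `!size` from the chain, since the return check on virAsprintfQuiet already covers the allocation failure: `if (!vmname || !src || !shmem || virAsprintfQuiet(&size, "%llu", def->size) < 0) {`. The path is also encoded under the key `server` (`virAuditEncode("server", ...)`), while the documentation added in this commit names that sub-field `source`; one of the two should change so that audit consumers can rely on the documented field name.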


@ -129,6 +129,10 @@ void virDomainAuditRNG(virDomainObjPtr vm,
const char *reason, const char *reason,
bool success) bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
void virDomainAuditShmem(virDomainObjPtr vm,
virDomainShmemDefPtr def,
const char *reason, bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
#endif /* __VIR_DOMAIN_AUDIT_H__ */ #endif /* __VIR_DOMAIN_AUDIT_H__ */


@ -146,6 +146,7 @@ virDomainAuditNetDevice;
virDomainAuditRedirdev; virDomainAuditRedirdev;
virDomainAuditRNG; virDomainAuditRNG;
virDomainAuditSecurityLabel; virDomainAuditSecurityLabel;
virDomainAuditShmem;
virDomainAuditStart; virDomainAuditStart;
virDomainAuditStop; virDomainAuditStop;
virDomainAuditVcpu; virDomainAuditVcpu;