Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/conf/domain_audit.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
src/conf/domain_audit.h | 5 +++++
src/libvirt_private.syms | 1 +
3 files changed, 52 insertions(+)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 4afc22019..026fafe0c 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -865,6 +865,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
if (vm->def->tpm)
virDomainAuditTPM(vm, vm->def->tpm, "start", true);
+ if (vm->def->watchdog)
+ virDomainAuditWatchdog(vm, vm->def->watchdog, "start", true);
+
for (i = 0; i < vm->def->nshmems; i++)
virDomainAuditShmem(vm, vm->def->shmems[i], "start", true);
@@ -983,3 +986,46 @@ virDomainAuditShmem(virDomainObjPtr vm,
VIR_FREE(shmpath);
return;
}
+
+
+void
+virDomainAuditWatchdog(virDomainObjPtr vm,
+ virDomainWatchdogDefPtr def,
+ const char *reason, bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+ char *alias = NULL;
+ char *device = NULL;
+ const char *virt;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+ VIR_WARN("OOM while encoding audit message");
+ return;
+ }
+
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
+ if (VIR_STRDUP_QUIET(alias, def->info.alias) < 0) {
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+ }
+
+ if (!(device = virAuditEncode("device", VIR_AUDIT_STR(alias)))) {
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "virt=%s resrc=dev reason=%s %s uuid=%s %s",
+ virt, reason, vmname, uuidstr, device);
+
+ cleanup:
+ VIR_FREE(vmname);
+ VIR_FREE(device);
+ VIR_FREE(alias);
+}
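Review bot: The `alias` copy in virDomainAuditWatchdog is redundant, because `def->info.alias` is only read, through `VIR_AUDIT_STR(alias)`. The `VIR_STRDUP_QUIET` block therefore adds an allocation and one more OOM path on which the audit record is dropped with only a warning. Passing the field directly, `if (!(device = virAuditEncode("device", VIR_AUDIT_STR(def->info.alias)))) {`, lets the `alias` local and its `VIR_FREE` go. The function also has no header comment; one sentence saying that the record names the watchdog by its device alias, and that the name and alias go through virAuditEncode (presumably so a configured value cannot break the key=value layout of the record), would help anyone consuming these records.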
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 8cb585dc7..3a0e0bd39 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -134,5 +134,10 @@ void virDomainAuditShmem(virDomainObjPtr vm,
const char *reason, bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditWatchdog(virDomainObjPtr vm,
+ virDomainWatchdogDefPtr def,
+ const char *reason, bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+
#endif /* __VIR_DOMAIN_AUDIT_H__ */
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 5b1bc5e4f..68ff1f2c3 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -167,6 +167,7 @@ virDomainAuditShmem;
virDomainAuditStart;
virDomainAuditStop;
virDomainAuditVcpu;
+virDomainAuditWatchdog;
# conf/domain_capabilities.h
--
2.13.5
On Wed, Sep 27, 2017 at 09:33:15 +0200, Michal Privoznik wrote:
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
> src/conf/domain_audit.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
> src/conf/domain_audit.h | 5 +++++
> src/libvirt_private.syms | 1 +
> 3 files changed, 52 insertions(+)
>
> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
> index 4afc22019..026fafe0c 100644
> --- a/src/conf/domain_audit.c
> +++ b/src/conf/domain_audit.c
[...]
> @@ -983,3 +986,46 @@ virDomainAuditShmem(virDomainObjPtr vm,
> VIR_FREE(shmpath);
> return;
> }
> +
> +
> +void
> +virDomainAuditWatchdog(virDomainObjPtr vm,
> + virDomainWatchdogDefPtr def,
> + const char *reason, bool success)
> +{
> + char uuidstr[VIR_UUID_STRING_BUFLEN];
> + char *vmname;
> + char *alias = NULL;
> + char *device = NULL;
> + const char *virt;
> +
> + virUUIDFormat(vm->def->uuid, uuidstr);
> + if (!(vmname = virAuditEncode("vm", vm->def->name))) {
> + VIR_WARN("OOM while encoding audit message");
> + return;
> + }
> +
> + if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
> + VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
> + virt = "?";
> + }
> +
> + if (VIR_STRDUP_QUIET(alias, def->info.alias) < 0) {
> + VIR_WARN("OOM while encoding audit message");
> + goto cleanup;
> + }
> +
> + if (!(device = virAuditEncode("device", VIR_AUDIT_STR(alias)))) {
> + VIR_WARN("OOM while encoding audit message");
> + goto cleanup;
> + }
> +
> + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
> + "virt=%s resrc=dev reason=%s %s uuid=%s %s",
> + virt, reason, vmname, uuidstr, device);
The audit message should identify the host resource which is used by the
VM. I doubt that the alias is a good reference to the host device in use.
On 09/27/2017 10:41 AM, Peter Krempa wrote:
> On Wed, Sep 27, 2017 at 09:33:15 +0200, Michal Privoznik wrote:
>> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>> ---
>> src/conf/domain_audit.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
>> src/conf/domain_audit.h | 5 +++++
>> src/libvirt_private.syms | 1 +
>> 3 files changed, 52 insertions(+)
>>
>> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>> index 4afc22019..026fafe0c 100644
>> --- a/src/conf/domain_audit.c
>> +++ b/src/conf/domain_audit.c
>
> [...]
>
>> @@ -983,3 +986,46 @@ virDomainAuditShmem(virDomainObjPtr vm,
>> VIR_FREE(shmpath);
>> return;
>> }
>> +
>> +
>> +void
>> +virDomainAuditWatchdog(virDomainObjPtr vm,
>> + virDomainWatchdogDefPtr def,
>> + const char *reason, bool success)
>> +{
>> + char uuidstr[VIR_UUID_STRING_BUFLEN];
>> + char *vmname;
>> + char *alias = NULL;
>> + char *device = NULL;
>> + const char *virt;
>> +
>> + virUUIDFormat(vm->def->uuid, uuidstr);
>> + if (!(vmname = virAuditEncode("vm", vm->def->name))) {
>> + VIR_WARN("OOM while encoding audit message");
>> + return;
>> + }
>> +
>> + if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
>> + VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
>> + virt = "?";
>> + }
>> +
>> + if (VIR_STRDUP_QUIET(alias, def->info.alias) < 0) {
>> + VIR_WARN("OOM while encoding audit message");
>> + goto cleanup;
>> + }
>> +
>> + if (!(device = virAuditEncode("device", VIR_AUDIT_STR(alias)))) {
>> + VIR_WARN("OOM while encoding audit message");
>> + goto cleanup;
>> + }
>> +
>> + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
>> + "virt=%s resrc=dev reason=%s %s uuid=%s %s",
>> + virt, reason, vmname, uuidstr, device);
>
> The audit message should identify the host resource which is used by the
> VM. I doubt that the alias is a good reference to the host device in use.
>
>
There's no host resource to report. Watchdogs are purely virtual.
Therefore I went with the alias. But feel free to suggest a better option.
Michal
On Wed, Sep 27, 2017 at 11:10:31 +0200, Michal Privoznik wrote: > On 09/27/2017 10:41 AM, Peter Krempa wrote: > > On Wed, Sep 27, 2017 at 09:33:15 +0200, Michal Privoznik wrote: > >> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> > >> --- > >> src/conf/domain_audit.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ > >> src/conf/domain_audit.h | 5 +++++ > >> src/libvirt_private.syms | 1 + > >> 3 files changed, 52 insertions(+) > >> > >> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c > >> index 4afc22019..026fafe0c 100644 > >> --- a/src/conf/domain_audit.c > >> +++ b/src/conf/domain_audit.c [...] > > > >> + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, > >> + "virt=%s resrc=dev reason=%s %s uuid=%s %s", > >> + virt, reason, vmname, uuidstr, device); > > > > The audit message should identify the host resource which is used by the > > VM. I doubt that the alias is a good reference to the host device in use. > > > > > > There's no host resource to report. Watchdogs are purely virtual. > Therefore I went with the alias. But feel free to suggest a better option. Ah, in that case NACK. We don't audit purely virtual resources. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list