[libvirt] [PATCH 0/4] Support auditing of guests
Daniel P. Berrange
berrange at redhat.com
Tue Oct 12 17:32:14 UTC 2010
This patch series introduces basic support for auditing of guest
operations. The auditing hooks are primarily done in the libvirtd
dispatch layer, because we want to hook all stateful drivers
like QEMU, LXC, UML, etc. We don't want to audit the remote driver,
VMWare, XenAPI etc which are just plain RPC drivers.
There is an exception for auditing of the SELinux label assignment.
That has to be done right inside the sVirt code since the neccessary
info isn't available in the libvirtd dispatch layer.
This patch series focuses on lifecycle operations, but there are
quite alot of other things that are desirable to audit in the
future, so further patches will likely follow.
The last patch is semi-related, it fixes up a major screwup in
the linking of the daemon that caused duplicated copies of the
code to be linked. This was exposed by the audit work.
The patches are a combination of work by myself and Miloslav
NB, it should compile and run fine with any reasonably recent
audit package, but if you want correctly identified log messages
you need audit 2.0.5
Also, audit logs only appear if running libvirtd as root. Non
root users don't have permissions to generate audit logs.
Daniel
More information about the libvir-list
mailing list