[libvirt] [PATCH 5/7] Add auditing of start/stop events to the QEMU driver

Daniel Veillard veillard at redhat.com
Wed Oct 27 14:55:10 UTC 2010


On Wed, Oct 27, 2010 at 03:48:59PM +0100, Daniel P. Berrange wrote:
> On Wed, Oct 27, 2010 at 04:46:30PM +0200, Daniel Veillard wrote:
> > On Wed, Oct 27, 2010 at 03:39:02PM +0100, Daniel P. Berrange wrote:
> > > On Wed, Oct 27, 2010 at 04:33:03PM +0200, Daniel Veillard wrote:
> > > > On Wed, Oct 27, 2010 at 12:36:15PM +0100, Daniel P. Berrange wrote:
> > > > > Add audit hooks to report all start and stop events on QEMU
> > > > > guest domains.
> > > > > 
> > > > > * src/qemu/qemu_driver.c: Audit start/stop events
> > > > > ---
> > > > >  src/qemu/qemu_driver.c |   59 ++++++++++++++++++++++++++++++++++++++++++++++-
> > > > >  1 files changed, 57 insertions(+), 2 deletions(-)
> > > > 
> > > >   patch 1-4 trivial ACKs
> > > > 
> > > > One of the differences if we lock down in the driver (besides the
> > > > redundancy that will be needed) is that we end up writing to the
> > > > audit system deep in the driver with all the locks needed for operation.
> > > > Is there a risk of being blocked while writing to the audit system?
> > > > This could potentially be a problem because all operations on the
> > > > domain would be stopped during that time.
> > > 
> > > Quite possibly, but I believe audit people would describe this scenario
> > > as a feature, rather than a bug :-)
> > 
> >   Grumpf ... :-(
> > I'm fine with allowing code which can monitor/affect normal operation
> > behaviour but it must be off by default then.
> > There is no default set in daemon/libvirtd.conf for audit_level, I
> > would like to see an assumed value of 0 then, is that the case?
> 
> The default is that libvirt auditing will be enabled, if auditing is
> enabled on the OS.

  Grumpf :-( , another randomization of the default behaviour of the
library ... now each time we have a bug reported, we will have to
wonder if there aren't some audit rules doing some trick. At least it
should now change the behaviour, it can just slow or stop operations
on that domain, right?

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
