[libvirt] [PATCHv2 0/5] audit: add some more audit hooks

Eric Blake eblake at redhat.com
Thu Feb 24 00:02:58 UTC 2011


I'm following up on danpb's patches to add initial audit support to
qemu actions (see around commit 8dc136b in Oct 2010).  This series
adds the following additional audit points:
- All changes to the device ACL whitelist via the cgroup device controller
- All changes to memory balloon and vcpu sizes
- All changes to pci and usb device passthrough

Here's an example audit, using audit-2.0.6-1.el6.x86_64 from RHEL,
where I hot-unplugged a PCI device from a guest:

type=VIRT_RESOURCE msg=audit(1298504227.432:914): user pid=13400 uid=0 auid=500 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=dev reason=detach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 type=pci device="0000:0a:0a.0": exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'

And one where I reduced memory via ballooning:

type=VIRT_RESOURCE msg=audit(1298505060.916:927): user pid=13400 uid=0 auid=500 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=mem reason=update vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-mem=786432 new-mem=524288: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'

Changes since v1[1]:
- Rebased (assumes that Jirka's patch series[2] to clean up qemuCmdFlags
  will go in first, otherwise you will get minor conflicts when applying)
- Added some patches
- Reworked the cgroup ACL patches to avoid spamming the audit log when
  visiting a regular file instead of a device

[1] https://www.redhat.com/archives/libvir-list/2011-February/msg00565.html
[2] https://www.redhat.com/archives/libvir-list/2011-February/msg00985.html

Eric Blake (5):
  cgroup: determine when skipping non-devices
  audit: prepare qemu for listing vm in cgroup audits
  audit: add qemu hooks for auditing cgroup events
  audit: audit qemu memory and vcpu adjusments
  audit: audit qemu pci and usb device passthrough

 src/qemu/qemu_audit.c   |  178 ++++++++++++++++++++++++++++++++++++++++++++++-
 src/qemu/qemu_audit.h   |   23 ++++++-
 src/qemu/qemu_cgroup.c  |   95 +++++++++++++++----------
 src/qemu/qemu_cgroup.h  |   21 +++---
 src/qemu/qemu_driver.c  |   28 +++++--
 src/qemu/qemu_hotplug.c |   35 ++++-----
 src/util/cgroup.c       |    7 +-
 7 files changed, 305 insertions(+), 82 deletions(-)

-- 
1.7.4
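
A parser for the two VIRT_RESOURCE records quoted in the message above, added here as an illustration; it is not part of the patch series or of libvirt. Field names are taken from those samples, while the function names and the choice to split the payload at `: exe=` are assumptions of this example.

```python
import re
import shlex

# The two records quoted in the message above, verbatim.
SAMPLES = """\
type=VIRT_RESOURCE msg=audit(1298504227.432:914): user pid=13400 uid=0 auid=500 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=dev reason=detach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 type=pci device="0000:0a:0a.0": exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1298505060.916:927): user pid=13400 uid=0 auid=500 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=mem reason=update vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-mem=786432 new-mem=524288: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
""".splitlines()

RECORD = re.compile(
    r"type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"(?P<outer>.*?) msg='(?P<payload>.*)'\s*$"
)

def _fields(text):
    """Collect key=value tokens; shlex strips the double quotes around values."""
    pairs = (tok.partition("=") for tok in shlex.split(text))
    return {key: val for key, sep, val in pairs if sep}

def parse_virt_resource(line):
    """Return a dict for a VIRT_RESOURCE record, or None for anything else."""
    m = RECORD.match(line.strip())
    if m is None or m["type"] != "VIRT_RESOURCE":
        return None
    # Assumption from the samples: the event fields end at ": exe=" and the
    # remainder of the payload is the trailer (exe, hostname, addr, ...).
    event, sep, trailer = m["payload"].partition(": exe=")
    if not sep:
        return None
    # The three groups stay separate: the PCI record has its own type=pci,
    # which would otherwise overwrite the record type.
    return {
        "time": float(m["ts"]),
        "serial": int(m["serial"]),
        "subject": _fields(m["outer"]),
        "event": _fields(event),
        "trailer": _fields("exe=" + trailer),
    }

def summarize(rec):
    """One line per record: which VM, what changed, who asked, outcome."""
    ev = rec["event"]
    if ev["resrc"] == "mem":
        detail = "%s -> %s" % (ev["old-mem"], ev["new-mem"])
    else:
        detail = "%s %s" % (ev.get("type", "?"), ev.get("device", "?"))
    return "vm=%s %s/%s %s auid=%s res=%s" % (
        ev["vm"], ev["resrc"], ev["reason"], detail,
        rec["subject"]["auid"], rec["trailer"]["res"])
```
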