[libvirt] [PATCH 2/6] Add auditing of filesystems

Daniel P. Berrange berrange at redhat.com
Mon Jul 4 11:33:33 UTC 2011


When passing through filesystems from the host to a guest, the
host filesystem path must be audited

* src/conf/domain_audit.{c,h}: Add virDomainAuditFS
---
 src/conf/domain_audit.c  |   46 ++++++++++++++++++++++++++++++++++++++++++++++
 src/conf/domain_audit.h  |    6 ++++++
 src/libvirt_private.syms |    1 +
 3 files changed, 53 insertions(+), 0 deletions(-)

diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index d9f4430..20f6ddc 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -100,6 +100,47 @@ cleanup:
 
 
 void
+virDomainAuditFS(virDomainObjPtr vm,
+                 virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
+                 const char *reason, bool success)
+{
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname;
+    char *oldsrc = NULL;
+    char *newsrc = NULL;
+
+    virUUIDFormat(vm->def->uuid, uuidstr);
+    if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+        VIR_WARN("OOM while encoding audit message");
+        return;
+    }
+
+    if (!(oldsrc = virAuditEncode("old-fs",
+                                  oldDef && oldDef->src ?
+                                  oldDef->src : "?"))) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }
+    if (!(newsrc = virAuditEncode("new-fs",
+                                  newDef && newDef->src ?
+                                  newDef->src : "?"))) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }
+
+    VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+              "resrc=fs reason=%s %s uuid=%s %s %s",
+              reason, vmname, uuidstr,
+              oldsrc, newsrc);
+
+cleanup:
+    VIR_FREE(vmname);
+    VIR_FREE(oldsrc);
+    VIR_FREE(newsrc);
+}
+
+
+void
 virDomainAuditNet(virDomainObjPtr vm,
                   virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
                   const char *reason, bool success)
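Review bot: The record emitted at the VIR_AUDIT call carries only the host source path of the filesystem, so an auditor reading it later cannot tell where that host path was exposed inside the guest; virDomainFSDef also holds the guest target (`dst`) and, if I recall the struct correctly, the access mode, and the audit record is where a forensic review will look for them. A minimal change keeps the existing `"?"` placeholder convention and encodes the guest mount point as one more field next to `old-fs`/`new-fs`, as sketched below. The new function also has no doc comment, neither here nor in the domain_audit.h hunk; a header comment such as `/* Emit an audit record for a host filesystem being passed to vm; oldDef or newDef may be NULL (logged as "?"), reason names the operation (e.g. "start"). */` would document the NULL contract that ATTRIBUTE_NONNULL(1)/(4) does not cover. virDomainAuditNet's signature begins at the end of this hunk and its body lies outside it.
```c
    char *newsrc = NULL;
    char *newdst = NULL;

    /* … unchanged: vm name, old-fs and new-fs encoding … */

    /* Guest mount point: where the host path ends up inside the guest */
    if (!(newdst = virAuditEncode("new-fs-target",
                                  newDef && newDef->dst ?
                                  newDef->dst : "?"))) {
        VIR_WARN("OOM while encoding audit message");
        goto cleanup;
    }

    VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
              "resrc=fs reason=%s %s uuid=%s %s %s %s",
              reason, vmname, uuidstr,
              oldsrc, newsrc, newdst);

cleanup:
    /* … unchanged: VIR_FREE(vmname), VIR_FREE(oldsrc), VIR_FREE(newsrc) … */
    VIR_FREE(newdst);
```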
@@ -433,6 +474,11 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
             virDomainAuditDisk(vm, NULL, disk, "start", true);
     }
 
+    for (i = 0 ; i < vm->def->nfss ; i++) {
+        virDomainFSDefPtr fs = vm->def->fss[i];
+        virDomainAuditFS(vm, NULL, fs, "start", true);
+    }
+
     for (i = 0 ; i < vm->def->nnets ; i++) {
         virDomainNetDefPtr net = vm->def->nets[i];
         virDomainAuditNet(vm, NULL, net, "start", true);
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index dee6e83..a309a4c 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -40,6 +40,12 @@ void virDomainAuditDisk(virDomainObjPtr vm,
                         const char *reason,
                         bool success)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditFS(virDomainObjPtr vm,
+                      virDomainFSDefPtr oldDef,
+                      virDomainFSDefPtr newDef,
+                      const char *reason,
+                      bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
 void virDomainAuditNet(virDomainObjPtr vm,
                        virDomainNetDefPtr oldDef,
                        virDomainNetDefPtr newDef,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 18c0af8..1890b1c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -207,6 +207,7 @@ virDomainAuditCgroup;
 virDomainAuditCgroupMajor;
 virDomainAuditCgroupPath;
 virDomainAuditDisk;
+virDomainAuditFS;
 virDomainAuditHostdev;
 virDomainAuditMemory;
 virDomainAuditNet;
-- 
1.7.4.4



