[libvirt] [PATCHv3 0/2] more audit patches - audit network device fds

Eric Blake eblake at redhat.com
Wed Mar 9 20:42:37 UTC 2011


I hope this closes out my audit series.  As promised in
https://www.redhat.com/archives/libvir-list/2011-March/msg00415.html,
here's the updated and tested network device auditing patches.  This
time, I've completed testing: in virt-manager, I attached a hypervisor
default (non-virtio, so no /dev/vhost-net), then detached it, then
attached a virtio interface in its place, and got the following audit
messages:

type=VIRT_RESOURCE msg=audit(1299702937.924:81114): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:80:C6:06' path="/dev/net/tun" rdev=0A:C8: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299702937.928:81115): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=attach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='?' new-net='52:54:00:80:C6:06': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299702995.378:81117): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=detach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='52:54:00:80:C6:06' new-net='?': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703012.919:81119): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:31:26:F9' path="/dev/net/tun" rdev=0A:C8: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703012.919:81120): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:31:26:F9' path="/dev/vhost-net" rdev=0A:39: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703013.002:81121): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=attach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='?' new-net='52:54:00:31:26:F9': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'

Changes in v3: rename the audit method to qemuAuditNetDevice, and
insert audit points after all attempts to open a network device that
might later be passed to a qemu -netdev; document why I didn't audit
closeout of said fds

Eric Blake (2):
  qemu: support vhost in attach-interface
  audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net

 src/qemu/qemu_audit.c   |   41 ++++++++++++++++++++++++++++++++
 src/qemu/qemu_audit.h   |    5 ++++
 src/qemu/qemu_command.c |   43 ++++++++++++++++-----------------
 src/qemu/qemu_command.h |   14 ++++++++---
 src/qemu/qemu_hotplug.c |   60 ++++++++++++++++++++++++++++++++++++++++------
 5 files changed, 129 insertions(+), 34 deletions(-)

-- 
1.7.4
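The VIRT_RESOURCE records above are what a defender will have to consume, so here is an added example (not part of this patch series or of libvirt) that parses that record shape and correlates the net "open" events with the later "attach": the sample lines are the ones from the cover letter, and the function names, the nested-quote handling and the gap check are my own assumptions about how one would audit this trail.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the cover letter's output: tun-only, then tun + vhost-net.
SAMPLE_LOG = """\
type=VIRT_RESOURCE msg=audit(1299702937.924:81114): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:80:C6:06' path="/dev/net/tun" rdev=0A:C8: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299702937.928:81115): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=attach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='?' new-net='52:54:00:80:C6:06': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703012.919:81119): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:31:26:F9' path="/dev/net/tun" rdev=0A:C8: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703012.919:81120): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:31:26:F9' path="/dev/vhost-net" rdev=0A:39: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703013.002:81121): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=attach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='?' new-net='52:54:00:31:26:F9': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
"""

HEADER_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r"""([\w-]+)=('[^']*'|"[^"]*"|\S+)""")  # quoted or bare value

def parse_record(line):
    """Flatten one audit line into a dict; return None for non-audit text."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    # The libvirt payload is the outer msg='...' with nested quotes: split on it, drop its closing quote.
    head, sep, payload = m.group(4).partition("msg='")
    if sep:
        payload = payload.rstrip().rstrip("'")
    for key, val in FIELD_RE.findall(head + " " + payload):
        rec[key] = val.strip("'\"").rstrip(":")  # quotes off; ':' is the sub-field separator
    return rec

def net_device_trail(log_text):
    """Per VM, map each guest MAC to the device paths libvirtd opened for it."""
    trail = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec.get("resrc") == "net" and rec.get("reason") == "open":
            trail[rec["vm"]][rec["net"]].append(rec["path"])
    return trail

def attaches_without_open(log_text):
    """(vm, mac) pairs attached with no earlier 'open' record for that MAC."""
    opened, gaps = set(), []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get("resrc") != "net":
            continue
        if rec["reason"] == "open":
            opened.add((rec["vm"], rec["net"]))
        elif rec["reason"] == "attach" and (rec["vm"], rec["new-net"]) not in opened:
            gaps.append((rec["vm"], rec["new-net"]))
    return gaps
```

On the cover letter's own trail the virtio MAC shows both /dev/net/tun and /dev/vhost-net, while an attach whose MAC never appears in an open record is reported as a gap in the audit record.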




More information about the libvir-list mailing list