[libvirt] [PATCH] audit: Audit operations done by using VirtIO RNG

Peter Krempa pkrempa at redhat.com
Tue Mar 12 11:25:14 UTC 2013 

On 03/12/13 12:19, Daniel P. Berrange wrote:
> On Mon, Mar 11, 2013 at 05:19:36PM +0100, Peter Krempa wrote:
>> This patch adds auditing of resources used by the 'random' backend of
>> virtio RNG.
>> ---
>> If there's desire to audit also use of the "egd" backend that uses a
>> generic character device, a way how to audit this device will need to be
>> introduced. We don't audit useage of chardevs right now.
>>
>>   src/conf/domain_audit.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++
>>   1 file changed, 76 insertions(+)
>
> Can you update the commit message to give an example of the exact
> audit message that is generated from this. Also please Cc Steve
> Grubb when you re-post this, for sign-off from his position as
> audit tools maintainer.

Okay.

>
>> +static void
>> +virDomainAuditRNG(virDomainObjPtr vm,
>> +                  virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef,
>> +                  const char *reason, bool success)
>> +{
>> +    char uuidstr[VIR_UUID_STRING_BUFLEN];
>> +    char *vmname;
>> +    char *oldsrc = NULL;
>> +    char *newsrc = NULL;
>> +    const char *virt;
>> +
>> +    virUUIDFormat(vm->def->uuid, uuidstr);
>> +    if (!(vmname = virAuditEncode("vm", vm->def->name)))
>> +        goto no_memory;
>> +
>> +    if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
>> +        VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
>> +        virt = "?";
>> +    }
>> +
>> +    if (newDef) {
>> +        switch (newDef->backend) {
>> +        case VIR_DOMAIN_RNG_BACKEND_RANDOM:
>> +            if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newDef->source.file))))
>
> Can't newDef->source.file be NULL ? In such a case we need to explicitly
> fill in the file that QEMU will default to in the audit record. We can't
> leave the filename blank

Ah, yeah.

>
>> +                goto no_memory;
>> +            break;
>> +
>> +        case VIR_DOMAIN_RNG_BACKEND_EGD:
>> +        case VIR_DOMAIN_RNG_BACKEND_LAST:
>> +            if (!(newsrc = virAuditEncode("new-rng", "?")))
>
> We need to specify the EGD unix socket path we use too, not merely '?'.

This can be set to multiple things as the backend is a chardev from 
point of view of qemu:

The data can be transported using: TCP, UDP, unix sockets and a ton of 
other stuff, and we don't have a precedent case for this. Is there a 
need to represend TCP backends? Or auditing is meant just for local stuff?

>
>> +                goto no_memory;
>> +            break;
>> +        }
>> +    } else {
>> +        if (!(newsrc = virAuditEncode("new-rng", "?")))
>> +            goto no_memory;
>> +    }
>> +

Peter

More information about the libvir-list mailing list