[libvirt] [PATCHv3] audit: Audit resources used by VirtIO RNG
Daniel P. Berrange
berrange at redhat.com
Wed Mar 13 10:21:00 UTC 2013
On Wed, Mar 13, 2013 at 10:46:24AM +0100, Peter Krempa wrote:
> This patch adds auditing of resources used by Virtio RNG devices. Only
> resources on the local filesystems are audited.
>
> The audit logs look like:
>
> For the 'random' backend:
> type=VIRT_RESOURCE msg=audit(1363099126.643:31): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/dev/random": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'
>
> For local character device source:
> type=VIRT_RESOURCE msg=audit(1363100164.240:96): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/tmp/unix.sock": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'
> ---
>
> Notes:
> Version 3:
> - don't log non-local resources for EGD backend
> - change order of blocks of code to optimize
>
> Version 2:
> - log also EGD backends
> - add example of audit message to commit message
>
> src/conf/domain_audit.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 120 insertions(+)
ACK, but wait 1 more day to give Steve Grubb a chance to
raise any issues before pushing.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list