[libvirt] [PATCH 05/10] conf:audit: introduce audit function for shared memory device

Martin Kletzander mkletzan at redhat.com
Wed Jul 8 11:56:33 UTC 2015


On Wed, Jun 17, 2015 at 11:56:16AM +0800, Luyao Huang wrote:
>Signed-off-by: Luyao Huang <lhuang at redhat.com>
>---
> docs/auditlog.html.in    | 16 ++++++++++++++++
> src/conf/domain_audit.c  | 16 ++++++++++++++++
> src/conf/domain_audit.h  |  6 ++++++
> src/libvirt_private.syms |  1 +
> 4 files changed, 39 insertions(+)
>
>diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
>index 8a007ca..b168cbf 100644
>--- a/docs/auditlog.html.in
>+++ b/docs/auditlog.html.in
>@@ -301,6 +301,22 @@
>       <dd>Updated path of the backing character device for given emulated device</dd>
>     </dl>
>
>+    <h4><a name="typeresourceivshmem">Shared memory device</a></h4>
>+    <p>
>+      The <code>msg</code> field will include the following sub-fields
>+    </p>
>+
>+    <dl>
>+      <dt>reason</dt>
>+      <dd>The reason which caused the resource to be assigned to happen</dd>
>+      <dt>resrc</dt>
>+      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
>+      <dt>old-shmem</dt>
>+      <dd>Original memory size of share memory device in bytes, or 0</dd>
>+      <dt>new-shmem</dt>
>+      <dd>Updated memory size of share memory device in bytes</dd>

I don't think memory size is the thing audit cares about, it should be
the name/path mostly.  Even better if we could audit all of it (size,
name, path).

>+    </dl>
>+
>     <h4><a name="typeresourcesmartcard">smartcard</a></h4>
>     <p>
>       The <code>msg</code> field will include the following sub-fields
>diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>index 1900039..aa2b4b5 100644
>--- a/src/conf/domain_audit.c
>+++ b/src/conf/domain_audit.c
>@@ -799,6 +799,19 @@ virDomainAuditIOThread(virDomainObjPtr vm,
>                                   reason, success);
> }
>
>+
>+void
>+virDomainAuditShmem(virDomainObjPtr vm,
>+                    virDomainShmemDefPtr oldDef, virDomainShmemDefPtr newDef,
>+                    const char *reason, bool success)
>+{
>+    return virDomainAuditResource(vm, "shmem",
>+                                  oldDef ? oldDef->size : 0,
>+                                  newDef ? newDef->size : 0,
>+                                  reason, success);
>+}
>+
>+
> static void
> virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
>                         const char *reason, bool success)
>@@ -880,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
>     for (i = 0; i < vm->def->nrngs; i++)
>         virDomainAuditRNG(vm, NULL, vm->def->rngs[i], "start", true);
>
>+    for (i = 0; i < vm->def->nshmems; i++)
>+        virDomainAuditShmem(vm, NULL, vm->def->shmems[i], "start", true);
>+
>     if (vm->def->tpm)
>         virDomainAuditTPM(vm, vm->def->tpm, "start", true);
>
>diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
>index 97dadca..081cbb1 100644
>--- a/src/conf/domain_audit.h
>+++ b/src/conf/domain_audit.h
>@@ -129,6 +129,12 @@ void virDomainAuditRNG(virDomainObjPtr vm,
>                        const char *reason,
>                        bool success)
>     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
>+void virDomainAuditShmem(virDomainObjPtr vm,
>+                         virDomainShmemDefPtr oldDef,
>+                         virDomainShmemDefPtr newDef,
>+                         const char *reason,
>+                         bool success)
>+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
>
>
> #endif /* __VIR_DOMAIN_AUDIT_H__ */
>diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
>index dc8a52d..3ceb4e3 100644
>--- a/src/libvirt_private.syms
>+++ b/src/libvirt_private.syms
>@@ -134,6 +134,7 @@ virDomainAuditNetDevice;
> virDomainAuditRedirdev;
> virDomainAuditRNG;
> virDomainAuditSecurityLabel;
>+virDomainAuditShmem;
> virDomainAuditStart;
> virDomainAuditStop;
> virDomainAuditVcpu;
>--
>1.8.3.1
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150708/41eac7ee/attachment-0001.sig>


More information about the libvir-list mailing list