[libvirt] [PATCH 05/10] conf:audit: introduce audit function for shared memory device
lhuang
lhuang at redhat.com
Thu Jul 9 02:16:08 UTC 2015
On 07/08/2015 07:56 PM, Martin Kletzander wrote:
> On Wed, Jun 17, 2015 at 11:56:16AM +0800, Luyao Huang wrote:
>> Signed-off-by: Luyao Huang <lhuang at redhat.com>
>> ---
>> docs/auditlog.html.in | 16 ++++++++++++++++
>> src/conf/domain_audit.c | 16 ++++++++++++++++
>> src/conf/domain_audit.h | 6 ++++++
>> src/libvirt_private.syms | 1 +
>> 4 files changed, 39 insertions(+)
>>
>> diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
>> index 8a007ca..b168cbf 100644
>> --- a/docs/auditlog.html.in
>> +++ b/docs/auditlog.html.in
>> @@ -301,6 +301,22 @@
>> <dd>Updated path of the backing character device for given
>> emulated device</dd>
>> </dl>
>>
>> + <h4><a name="typeresourceivshmem">Shared memory device</a></h4>
>> + <p>
>> + The <code>msg</code> field will include the following sub-fields
>> + </p>
>> +
>> + <dl>
>> + <dt>reason</dt>
>> + <dd>The reason which caused the resource to be assigned to
>> happen</dd>
>> + <dt>resrc</dt>
>> + <dd>The type of resource assigned. Set to <code>shmem</code></dd>
>> + <dt>old-shmem</dt>
>> + <dd>Original memory size of share memory device in bytes, or
>> 0</dd>
>> + <dt>new-shmem</dt>
>> + <dd>Updated memory size of share memory device in bytes</dd>
>
> I don't think memory size is the thing audit cares about, it should be
> the name/path mostly. Even better if we could audit all of it (size,
> name, path).
Okay, i agreed with you,
Thanks a lot for your review.
Luyao
>
>> + </dl>
>> +
>> <h4><a name="typeresourcesmartcard">smartcard</a></h4>
>> <p>
>> The <code>msg</code> field will include the following sub-fields
>> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>> index 1900039..aa2b4b5 100644
>> --- a/src/conf/domain_audit.c
>> +++ b/src/conf/domain_audit.c
>> @@ -799,6 +799,19 @@ virDomainAuditIOThread(virDomainObjPtr vm,
>> reason, success);
>> }
>>
>> +
>> +void
>> +virDomainAuditShmem(virDomainObjPtr vm,
>> + virDomainShmemDefPtr oldDef,
>> virDomainShmemDefPtr newDef,
>> + const char *reason, bool success)
>> +{
>> + return virDomainAuditResource(vm, "shmem",
>> + oldDef ? oldDef->size : 0,
>> + newDef ? newDef->size : 0,
>> + reason, success);
>> +}
>> +
>> +
>> static void
>> virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
>> const char *reason, bool success)
>> @@ -880,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const
>> char *reason, bool success)
>> for (i = 0; i < vm->def->nrngs; i++)
>> virDomainAuditRNG(vm, NULL, vm->def->rngs[i], "start", true);
>>
>> + for (i = 0; i < vm->def->nshmems; i++)
>> + virDomainAuditShmem(vm, NULL, vm->def->shmems[i], "start",
>> true);
>> +
>> if (vm->def->tpm)
>> virDomainAuditTPM(vm, vm->def->tpm, "start", true);
>>
>> diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
>> index 97dadca..081cbb1 100644
>> --- a/src/conf/domain_audit.h
>> +++ b/src/conf/domain_audit.h
>> @@ -129,6 +129,12 @@ void virDomainAuditRNG(virDomainObjPtr vm,
>> const char *reason,
>> bool success)
>> ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
>> +void virDomainAuditShmem(virDomainObjPtr vm,
>> + virDomainShmemDefPtr oldDef,
>> + virDomainShmemDefPtr newDef,
>> + const char *reason,
>> + bool success)
>> + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
>>
>>
>> #endif /* __VIR_DOMAIN_AUDIT_H__ */
>> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
>> index dc8a52d..3ceb4e3 100644
>> --- a/src/libvirt_private.syms
>> +++ b/src/libvirt_private.syms
>> @@ -134,6 +134,7 @@ virDomainAuditNetDevice;
>> virDomainAuditRedirdev;
>> virDomainAuditRNG;
>> virDomainAuditSecurityLabel;
>> +virDomainAuditShmem;
>> virDomainAuditStart;
>> virDomainAuditStop;
>> virDomainAuditVcpu;
>> --
>> 1.8.3.1
>>
>> --
>> libvir-list mailing list
>> libvir-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
More information about the libvir-list
mailing list