[libvirt] [PATCH v2 1/3] audit: Audit information about watchdog devices

Michal Privoznik mprivozn at redhat.com
Wed Sep 27 09:10:31 UTC 2017 

On 09/27/2017 10:41 AM, Peter Krempa wrote:
> On Wed, Sep 27, 2017 at 09:33:15 +0200, Michal Privoznik wrote:
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> ---
>>  src/conf/domain_audit.c  | 46 ++++++++++++++++++++++++++++++++++++++++++++++
>>  src/conf/domain_audit.h  |  5 +++++
>>  src/libvirt_private.syms |  1 +
>>  3 files changed, 52 insertions(+)
>>
>> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>> index 4afc22019..026fafe0c 100644
>> --- a/src/conf/domain_audit.c
>> +++ b/src/conf/domain_audit.c
> 
> [...]
> 
>> @@ -983,3 +986,46 @@ virDomainAuditShmem(virDomainObjPtr vm,
>>      VIR_FREE(shmpath);
>>      return;
>>  }
>> +
>> +
>> +void
>> +virDomainAuditWatchdog(virDomainObjPtr vm,
>> +                       virDomainWatchdogDefPtr def,
>> +                       const char *reason, bool success)
>> +{
>> +    char uuidstr[VIR_UUID_STRING_BUFLEN];
>> +    char *vmname;
>> +    char *alias = NULL;
>> +    char *device = NULL;
>> +    const char *virt;
>> +
>> +    virUUIDFormat(vm->def->uuid, uuidstr);
>> +    if (!(vmname = virAuditEncode("vm", vm->def->name))) {
>> +        VIR_WARN("OOM while encoding audit message");
>> +        return;
>> +    }
>> +
>> +    if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
>> +        VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
>> +        virt = "?";
>> +    }
>> +
>> +    if (VIR_STRDUP_QUIET(alias, def->info.alias) < 0) {
>> +        VIR_WARN("OOM while encoding audit message");
>> +        goto cleanup;
>> +    }
>> +
>> +    if (!(device = virAuditEncode("device", VIR_AUDIT_STR(alias)))) {
>> +        VIR_WARN("OOM while encoding audit message");
>> +        goto cleanup;
>> +    }
>> +
>> +    VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
>> +              "virt=%s resrc=dev reason=%s %s uuid=%s %s",
>> +              virt, reason, vmname, uuidstr, device);
> 
> The audit message should identify the host resource which is used by the
> VM. I doubt that the alias is a good reference to the host device in use.
> 
> 

There's no host resource to report. Watchdogs are purely virtual.
Therefore I went with the alias. But feel free to suggest a better option.

Michal

More information about the libvir-list mailing list