From 806108ea6df82f0702a5933feb75691828f9cabe Mon Sep 17 00:00:00 2001
Message-Id: <806108ea6df82f0702a5933feb75691828f9cabe@dist-git>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Wed, 14 Sep 2016 12:49:18 +0200
Subject: [PATCH] audit: Audit information about shmem devices
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1218603
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit 94e2be842411b9f8ec9165c8d25c93716c1b30ca)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
docs/auditlog.html.in | 19 +++++++++++++++++++
src/conf/domain_audit.c | 42 ++++++++++++++++++++++++++++++++++++++++++
src/conf/domain_audit.h | 4 ++++
src/libvirt_private.syms | 1 +
4 files changed, 66 insertions(+)
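diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 012d068..0c778aa 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -352,5 +352,24 @@
 The name of the cgroup controller
 
 
+
+
+
+ The msg field will include the following sub-fields
+
+
+
+ resrc
+ The type of resource assigned. Set to shmem
+ reason
+ The reason which caused the resource to be assigned to happen
+ size
+ The size of the shared memory region
+ shmem
+ Name of the shared memory region
+ source
+ Path of the backing character device for given emulated device
+
+
 </body>
 </html>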
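diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 6ad0acb..f0cc49c 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -889,6 +889,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
 if (vm->def->tpm)
 virDomainAuditTPM(vm, vm->def->tpm, "start", true);
 
+ for (i = 0; i < vm->def->nshmems; i++)
+ virDomainAuditShmem(vm, vm->def->shmems[i], "start", true);
+
 virDomainAuditMemory(vm, 0, virDomainDefGetMemoryTotal(vm->def),
 "start", true);
 virDomainAuditVcpu(vm, 0, virDomainDefGetVcpus(vm->def), "start", true);
@@ -963,3 +966,42 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
 
 VIR_FREE(vmname);
 }
+
+void
+virDomainAuditShmem(virDomainObjPtr vm,
+ virDomainShmemDefPtr def,
+ const char *reason, bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname = virAuditEncode("vm", vm->def->name);
+ const char *srcpath = virDomainAuditChardevPath(&def->server.chr);
+ char *src = virAuditEncode("server", VIR_AUDIT_STR(srcpath));
+ char *shmem = virAuditEncode("shmem", VIR_AUDIT_STR(def->name));
+ const char *virt = virDomainVirtTypeToString(vm->def->virtType);
+ char *size = NULL;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+
+ if (!vmname || !src || !size || !shmem ||
+ virAsprintfQuiet(&size, "%llu", def->size) < 0) {
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+ }
+
+ if (!virt) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message",
+ vm->def->virtType);
+ virt = "?";
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "virt=%s resrc=shmem reason=%s %s uuid=%s size=%s %s %s",
+ virt, reason, vmname, uuidstr, size ?: "?", shmem, src);
+
+ cleanup:
+ VIR_FREE(vmname);
+ VIR_FREE(src);
+ VIR_FREE(size);
+ VIR_FREE(shmem);
+ return;
+}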
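Review bot: In virDomainAuditShmem the OOM guard tests `!size` while `size` still holds the NULL it was initialised with, so the condition is always true. The function logs "OOM while encoding audit message" and jumps to cleanup before virAsprintfQuiet or VIR_AUDIT can run, which means no shmem resource record reaches the audit log at domain start. Dropping that operand fixes it: `if (!vmname || !src || !shmem || virAsprintfQuiet(&size, "%llu", def->size) < 0) {`; with that in place the `size ?: "?"` fallback in the VIR_AUDIT call is no longer needed. Separately, the chardev path is encoded under the key `server`, while the docs/auditlog.html.in hunk of this patch lists the sub-field as `source`; one of the two should change so audit consumers can rely on the documented field name.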
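diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 97dadca..8cb585d 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -129,6 +129,10 @@ void virDomainAuditRNG(virDomainObjPtr vm,
 const char *reason,
 bool success)
 ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditShmem(virDomainObjPtr vm,
+ virDomainShmemDefPtr def,
+ const char *reason, bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
 
 
 #endif /* __VIR_DOMAIN_AUDIT_H__ */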
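diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 92475a2..5878360 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -145,6 +145,7 @@ virDomainAuditNetDevice;
 virDomainAuditRedirdev;
 virDomainAuditRNG;
 virDomainAuditSecurityLabel;
+virDomainAuditShmem;
 virDomainAuditStart;
 virDomainAuditStop;
 virDomainAuditVcpu;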
--
2.10.0