External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 12:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add auditing of security label in QEMU driver

Browse Source 
Add auditing of the allocated security label in the QEMU driver
VM startup code

* src/qemu/qemu_driver.c: Audit security label
This commit is contained in:
Daniel P. Berrange 2010-10-27 11:52:24 +01:00
parent 62622f841a
commit 160b5479f2
1 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/qemu/qemu_driver.c
View File

@ -3698,6 +3698,27 @@ static void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason)
qemuDomainLifecycleAudit(vm, "stop", reason, true);
}
static void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
VIR_WARN0("OOM while encoding audit message");
return;
}
VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, success,
"%s uuid=%s vm-ctx=%s img-ctx=%s",
vmname, uuidstr,
VIR_AUDIT_STR(vm->def->seclabel.label),
VIR_AUDIT_STR(vm->def->seclabel.imagelabel));
VIR_FREE(vmname);
}
static int qemudStartVMDaemon(virConnectPtr conn,
struct qemud_driver *driver,
virDomainObjPtr vm,
@ -3752,10 +3773,13 @@ static int qemudStartVMDaemon(virConnectPtr conn,
then generate a security label for isolation */
DEBUG0("Generating domain security label (if required)");
if (driver->securityDriver &&
driver->securityDriver->domainGenSecurityLabel &&
driver->securityDriver->domainGenSecurityLabel(driver->securityDriver,
vm) < 0)
goto cleanup;
driver->securityDriver->domainGenSecurityLabel) {
ret = driver->securityDriver->domainGenSecurityLabel(driver->securityDriver,
vm);
qemuDomainSecurityLabelAudit(vm, ret >= 0);
if (ret < 0)
goto cleanup;
}
DEBUG0("Generating setting domain security labels (if required)");
if (driver->securityDriver &&