External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-28 11:31:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Log an audit message with the LXC init pid

Browse Source 
Currently the LXC driver logs audit messages when a container
is started or stopped. These audit messages, however, contain
the PID of the libvirt_lxc supervisor process. To enable
sysadmins to correlate with audit messages generated by
processes /inside/ the container, we need to include the
container init process PID.

We can't do this in the main 'start' audit message, since
the init PID is not available at that point. Instead we output
a completely new audit record, that lists both PIDs.

type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2012-11-20 17:49:25 +00:00
parent f33e43c235
commit a615833664
8 changed files with 102 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/conf/domain_audit.c
View File

@ -605,6 +605,32 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
virDomainAuditLifecycle(vm, "start", reason, success); virDomainAuditLifecycle(vm, "start", reason, success);
} }
void
virDomainAuditInit(virDomainObjPtr vm,
pid_t initpid)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
VIR_WARN("OOM while encoding audit message");
return;
}
if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
virt = "?";
}
VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, true,
"virt=%s op=init %s uuid=%s vm-pid=%lld init-pid=%lld",
virt, vmname, uuidstr, (long long)vm->pid, (long long)initpid);
VIR_FREE(vmname);
}
void void
virDomainAuditStop(virDomainObjPtr vm, const char *reason) virDomainAuditStop(virDomainObjPtr vm, const char *reason)

3
src/conf/domain_audit.h
View File

@ -31,6 +31,9 @@ void virDomainAuditStart(virDomainObjPtr vm,
const char *reason, const char *reason,
bool success) bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
void virDomainAuditInit(virDomainObjPtr vm,
pid_t pid)
ATTRIBUTE_NONNULL(1);
void virDomainAuditStop(virDomainObjPtr vm, void virDomainAuditStop(virDomainObjPtr vm,
const char *reason) const char *reason)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);

1
src/libvirt_private.syms
View File

@ -258,6 +258,7 @@ virDomainAuditCgroupPath;
virDomainAuditDisk; virDomainAuditDisk;
virDomainAuditFS; virDomainAuditFS;
virDomainAuditHostdev; virDomainAuditHostdev;
virDomainAuditInit;
virDomainAuditMemory; virDomainAuditMemory;
virDomainAuditNet; virDomainAuditNet;
virDomainAuditNetDevice; virDomainAuditNetDevice;

31
src/lxc/lxc_controller.c
View File

@ -125,6 +125,7 @@ struct _virLXCController {
/* Server socket */ /* Server socket */
virNetServerPtr server; virNetServerPtr server;
bool firstClient;
virNetServerClientPtr client; virNetServerClientPtr client;
virNetServerProgramPtr prog; virNetServerProgramPtr prog;
bool inShutdown; bool inShutdown;
@ -134,6 +135,8 @@ struct _virLXCController {
#include "lxc_controller_dispatch.h" #include "lxc_controller_dispatch.h"
static void virLXCControllerFree(virLXCControllerPtr ctrl); static void virLXCControllerFree(virLXCControllerPtr ctrl);
static int virLXCControllerEventSendInit(virLXCControllerPtr ctrl,
pid_t initpid);
static void virLXCControllerQuitTimer(int timer ATTRIBUTE_UNUSED, void *opaque) static void virLXCControllerQuitTimer(int timer ATTRIBUTE_UNUSED, void *opaque)
{ {
@ -154,6 +157,7 @@ static virLXCControllerPtr virLXCControllerNew(const char *name)
goto no_memory; goto no_memory;
ctrl->timerShutdown = -1; ctrl->timerShutdown = -1;
ctrl->firstClient = true;
if (!(ctrl->name = strdup(name))) if (!(ctrl->name = strdup(name)))
goto no_memory; goto no_memory;
@ -591,6 +595,11 @@ static void *virLXCControllerClientPrivateNew(virNetServerClientPtr client,
virNetServerClientSetCloseHook(client, virLXCControllerClientCloseHook); virNetServerClientSetCloseHook(client, virLXCControllerClientCloseHook);
VIR_DEBUG("Got new client %p", client); VIR_DEBUG("Got new client %p", client);
ctrl->client = client; ctrl->client = client;
if (ctrl->initpid && ctrl->firstClient)
virLXCControllerEventSendInit(ctrl, ctrl->initpid);
ctrl->firstClient = false;
return dummy; return dummy;
} }
@ -1278,8 +1287,10 @@ virLXCControllerEventSend(virLXCControllerPtr ctrl,
{ {
virNetMessagePtr msg; virNetMessagePtr msg;
if (!ctrl->client) if (!ctrl->client) {
VIR_WARN("Dropping event %d becuase libvirtd is not connected", procnr);
return; return;
}
VIR_DEBUG("Send event %d client=%p", procnr, ctrl->client); VIR_DEBUG("Send event %d client=%p", procnr, ctrl->client);
if (!(msg = virNetMessageNew(false))) if (!(msg = virNetMessageNew(false)))
@ -1346,6 +1357,24 @@ virLXCControllerEventSendExit(virLXCControllerPtr ctrl,
} }
static int
virLXCControllerEventSendInit(virLXCControllerPtr ctrl,
pid_t initpid)
{
virLXCProtocolInitEventMsg msg;
VIR_DEBUG("Init pid %llu", (unsigned long long)initpid);
memset(&msg, 0, sizeof(msg));
msg.initpid = initpid;
virLXCControllerEventSend(ctrl,
VIR_LXC_PROTOCOL_PROC_INIT_EVENT,
(xdrproc_t)xdr_virLXCProtocolInitEventMsg,
(void*)&msg);
return 0;
}
static int static int
virLXCControllerRun(virLXCControllerPtr ctrl) virLXCControllerRun(virLXCControllerPtr ctrl)
{ {

23
src/lxc/lxc_monitor.c
View File

@ -65,12 +65,20 @@ static void
virLXCMonitorHandleEventExit(virNetClientProgramPtr prog, virLXCMonitorHandleEventExit(virNetClientProgramPtr prog,
virNetClientPtr client, virNetClientPtr client,
void *evdata, void *opaque); void *evdata, void *opaque);
static void
virLXCMonitorHandleEventInit(virNetClientProgramPtr prog,
virNetClientPtr client,
void *evdata, void *opaque);
static virNetClientProgramEvent virLXCProtocolEvents[] = { static virNetClientProgramEvent virLXCProtocolEvents[] = {
{ VIR_LXC_PROTOCOL_PROC_EXIT_EVENT, { VIR_LXC_PROTOCOL_PROC_EXIT_EVENT,
virLXCMonitorHandleEventExit, virLXCMonitorHandleEventExit,
sizeof(virLXCProtocolExitEventMsg), sizeof(virLXCProtocolExitEventMsg),
(xdrproc_t)xdr_virLXCProtocolExitEventMsg }, (xdrproc_t)xdr_virLXCProtocolExitEventMsg },
{ VIR_LXC_PROTOCOL_PROC_INIT_EVENT,
virLXCMonitorHandleEventInit,
sizeof(virLXCProtocolInitEventMsg),
(xdrproc_t)xdr_virLXCProtocolInitEventMsg },
}; };
@ -88,6 +96,21 @@ virLXCMonitorHandleEventExit(virNetClientProgramPtr prog ATTRIBUTE_UNUSED,
} }
static void
virLXCMonitorHandleEventInit(virNetClientProgramPtr prog ATTRIBUTE_UNUSED,
virNetClientPtr client ATTRIBUTE_UNUSED,
void *evdata, void *opaque)
{
virLXCMonitorPtr mon = opaque;
virLXCProtocolInitEventMsg *msg = evdata;
VIR_DEBUG("Event init %llu",
(unsigned long long)msg->initpid);
if (mon->cb.initNotify)
mon->cb.initNotify(mon, (pid_t)msg->initpid, mon->vm);
}
static void virLXCMonitorEOFNotify(virNetClientPtr client ATTRIBUTE_UNUSED, static void virLXCMonitorEOFNotify(virNetClientPtr client ATTRIBUTE_UNUSED,
int reason ATTRIBUTE_UNUSED, int reason ATTRIBUTE_UNUSED,
void *opaque) void *opaque)

5
src/lxc/lxc_monitor.h
View File

@ -40,10 +40,15 @@ typedef void (*virLXCMonitorCallbackExitNotify)(virLXCMonitorPtr mon,
virLXCProtocolExitStatus status, virLXCProtocolExitStatus status,
virDomainObjPtr vm); virDomainObjPtr vm);
typedef void (*virLXCMonitorCallbackInitNotify)(virLXCMonitorPtr mon,
pid_t pid,
virDomainObjPtr vm);
struct _virLXCMonitorCallbacks { struct _virLXCMonitorCallbacks {
virLXCMonitorCallbackDestroy destroy; virLXCMonitorCallbackDestroy destroy;
virLXCMonitorCallbackEOFNotify eofNotify; virLXCMonitorCallbackEOFNotify eofNotify;
virLXCMonitorCallbackExitNotify exitNotify; virLXCMonitorCallbackExitNotify exitNotify;
virLXCMonitorCallbackInitNotify initNotify;
}; };
virLXCMonitorPtr virLXCMonitorNew(virDomainObjPtr vm, virLXCMonitorPtr virLXCMonitorNew(virDomainObjPtr vm,

8
src/lxc/lxc_process.c
View File

@ -637,9 +637,17 @@ static void virLXCProcessMonitorExitNotify(virLXCMonitorPtr mon ATTRIBUTE_UNUSED
priv->stopReason, status); priv->stopReason, status);
} }
static void virLXCProcessMonitorInitNotify(virLXCMonitorPtr mon ATTRIBUTE_UNUSED,
pid_t initpid,
virDomainObjPtr vm)
{
virDomainAuditInit(vm, initpid);
}
static virLXCMonitorCallbacks monitorCallbacks = { static virLXCMonitorCallbacks monitorCallbacks = {
.eofNotify = virLXCProcessMonitorEOFNotify, .eofNotify = virLXCProcessMonitorEOFNotify,
.exitNotify = virLXCProcessMonitorExitNotify, .exitNotify = virLXCProcessMonitorExitNotify,
.initNotify = virLXCProcessMonitorInitNotify,
}; };

7
src/lxc/lxc_protocol.x
View File

@ -14,9 +14,14 @@ struct virLXCProtocolExitEventMsg {
enum virLXCProtocolExitStatus status; enum virLXCProtocolExitStatus status;
}; };
struct virLXCProtocolInitEventMsg {
unsigned hyper initpid;
};
const VIR_LXC_PROTOCOL_PROGRAM = 0x12341234; const VIR_LXC_PROTOCOL_PROGRAM = 0x12341234;
const VIR_LXC_PROTOCOL_PROGRAM_VERSION = 1; const VIR_LXC_PROTOCOL_PROGRAM_VERSION = 1;
enum virLXCProtocolProcedure { enum virLXCProtocolProcedure {
VIR_LXC_PROTOCOL_PROC_EXIT_EVENT = 1 /* skipgen skipgen */ VIR_LXC_PROTOCOL_PROC_EXIT_EVENT = 1, /* skipgen skipgen */
VIR_LXC_PROTOCOL_PROC_INIT_EVENT = 2 /* skipgen skipgen */
}; };