From b43070ebfc587070787fa58be33367385a5c6fe7 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Mon, 4 Jul 2011 11:56:13 +0100 Subject: [PATCH] Move qemu_audit.h helpers into shared code The LXC and UML drivers can both make use of auditing. Move the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h} * src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c * src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h * src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h} * src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c, src/qemu/qemu_command.c, src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c, src/qemu/qemu_process.c: Update for changed audit API names --- src/Makefile.am | 2 +- .../qemu_audit.c => conf/domain_audit.c} | 116 +++++++++--------- src/conf/domain_audit.h | 99 +++++++++++++++ src/libvirt_private.syms | 15 +++ src/qemu/qemu_audit.h | 99 --------------- src/qemu/qemu_cgroup.c | 26 ++-- src/qemu/qemu_command.c | 8 +- src/qemu/qemu_driver.c | 28 ++--- src/qemu/qemu_hotplug.c | 48 ++++---- src/qemu/qemu_migration.c | 26 ++-- src/qemu/qemu_process.c | 10 +- 11 files changed, 246 insertions(+), 231 deletions(-) rename src/{qemu/qemu_audit.c => conf/domain_audit.c} (78%) create mode 100644 src/conf/domain_audit.h delete mode 100644 src/qemu/qemu_audit.h diff --git a/src/Makefile.am b/src/Makefile.am index 4dd9359141..39f0cf80c6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -108,6 +108,7 @@ LOCK_DRIVER_SANLOCK_SOURCES = \ DOMAIN_CONF_SOURCES = \ conf/capabilities.c conf/capabilities.h \ conf/domain_conf.c conf/domain_conf.h \ + conf/domain_audit.c conf/domain_audit.h \ conf/domain_nwfilter.c conf/domain_nwfilter.h DOMAIN_EVENT_SOURCES = \ @@ -317,7 +318,6 @@ QEMU_DRIVER_SOURCES = \ qemu/qemu_capabilities.c qemu/qemu_capabilities.h\ qemu/qemu_command.c qemu/qemu_command.h \ qemu/qemu_domain.c qemu/qemu_domain.h \ - qemu/qemu_audit.c qemu/qemu_audit.h \ qemu/qemu_cgroup.c qemu/qemu_cgroup.h \ qemu/qemu_hostdev.c qemu/qemu_hostdev.h \ qemu/qemu_hotplug.c qemu/qemu_hotplug.h \ diff --git a/src/qemu/qemu_audit.c b/src/conf/domain_audit.c similarity index 78% rename from src/qemu/qemu_audit.c rename to src/conf/domain_audit.c index 1d88fb5327..b3451629e9 100644 --- a/src/qemu/qemu_audit.c +++ b/src/conf/domain_audit.c @@ -1,5 +1,5 @@ /* - * qemu_audit.c: QEMU audit management + * domain_audit.c: Domain audit management * * Copyright (C) 2006-2011 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange @@ -26,7 +26,7 @@ #include #include -#include "qemu_audit.h" +#include "domain_audit.h" #include "viraudit.h" #include "uuid.h" #include "logging.h" @@ -37,7 +37,7 @@ * for other file types, stat failure, or allocation failure. */ #if defined major && defined minor static char * -qemuAuditGetRdev(const char *path) +virDomainAuditGetRdev(const char *path) { char *ret = NULL; struct stat sb; @@ -52,16 +52,16 @@ qemuAuditGetRdev(const char *path) } #else static char * -qemuAuditGetRdev(const char *path ATTRIBUTE_UNUSED) +virDomainAuditGetRdev(const char *path ATTRIBUTE_UNUSED) { return NULL; } #endif void -qemuAuditDisk(virDomainObjPtr vm, - virDomainDiskDefPtr oldDef, virDomainDiskDefPtr newDef, - const char *reason, bool success) +virDomainAuditDisk(virDomainObjPtr vm, + virDomainDiskDefPtr oldDef, virDomainDiskDefPtr newDef, + const char *reason, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; @@ -100,9 +100,9 @@ cleanup: void -qemuAuditNet(virDomainObjPtr vm, - virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef, - const char *reason, bool success) +virDomainAuditNet(virDomainObjPtr vm, + virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef, + const char *reason, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char newMacstr[VIR_MAC_STRING_BUFLEN]; @@ -129,20 +129,20 @@ qemuAuditNet(virDomainObjPtr vm, } /** - * qemuAuditNetDevice: + * virDomainAuditNetDevice: * @vm: domain opening a network-related device * @def: details of network device that fd will be tied to * @device: device being opened (such as /dev/vhost-net, * /dev/net/tun, /dev/tanN). Note that merely opening a device - * does not mean that qemu owns it; a followup qemuAuditNet + * does not mean that virDomain owns it; a followup virDomainAuditNet * shows whether the fd was passed on. * @success: true if the device was opened * * Log an audit message about an attempted network device open. */ void -qemuAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef, - const char *device, bool success) +virDomainAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef, + const char *device, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char macstr[VIR_MAC_STRING_BUFLEN]; @@ -152,7 +152,7 @@ qemuAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef, virUUIDFormat(vmDef->uuid, uuidstr); virFormatMacAddr(netDef->mac, macstr); - rdev = qemuAuditGetRdev(device); + rdev = virDomainAuditGetRdev(device); if (!(vmname = virAuditEncode("vm", vmDef->name)) || !(devname = virAuditEncode("path", device))) { @@ -171,7 +171,7 @@ cleanup: } /** - * qemuAuditHostdev: + * virDomainAuditHostdev: * @vm: domain making a change in pass-through host device * @hostdev: device being attached or removed * @reason: one of "start", "attach", or "detach" @@ -180,8 +180,8 @@ cleanup: * Log an audit message about an attempted device passthrough change. */ void -qemuAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev, - const char *reason, bool success) +virDomainAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev, + const char *reason, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; @@ -238,21 +238,21 @@ cleanup: /** - * qemuAuditCgroup: + * virDomainAuditCgroup: * @vm: domain making the cgroups ACL change * @cgroup: cgroup that manages the devices * @reason: either "allow" or "deny" * @extra: additional details, in the form "all", * "major category=xyz maj=nn", or "path path=xyz dev=nn:mm" (the - * latter two are generated by qemuAuditCgroupMajor and - * qemuAuditCgroupPath). + * latter two are generated by virDomainAuditCgroupMajor and + * virDomainAuditCgroupPath). * @success: true if the cgroup operation succeeded * * Log an audit message about an attempted cgroup device ACL change. */ void -qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup, - const char *reason, const char *extra, bool success) +virDomainAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup, + const char *reason, const char *extra, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; @@ -281,7 +281,7 @@ qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup, } /** - * qemuAuditCgroupMajor: + * virDomainAuditCgroupMajor: * @vm: domain making the cgroups ACL change * @cgroup: cgroup that manages the devices * @reason: either "allow" or "deny" @@ -293,9 +293,9 @@ qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup, * Log an audit message about an attempted cgroup device ACL change. */ void -qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup, - const char *reason, int maj, const char *name, - const char *perms, bool success) +virDomainAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup, + const char *reason, int maj, const char *name, + const char *perms, bool success) { char *extra; @@ -305,13 +305,13 @@ qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup, return; } - qemuAuditCgroup(vm, cgroup, reason, extra, success); + virDomainAuditCgroup(vm, cgroup, reason, extra, success); VIR_FREE(extra); } /** - * qemuAuditCgroupPath: + * virDomainAuditCgroupPath: * @vm: domain making the cgroups ACL change * @cgroup: cgroup that manages the devices * @reason: either "allow" or "deny" @@ -323,9 +323,9 @@ qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup, * a specific device. */ void -qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup, - const char *reason, const char *path, const char *perms, - int rc) +virDomainAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup, + const char *reason, const char *path, const char *perms, + int rc) { char *detail; char *rdev; @@ -335,7 +335,7 @@ qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup, if (rc > 0) return; - rdev = qemuAuditGetRdev(path); + rdev = virDomainAuditGetRdev(path); if (!(detail = virAuditEncode("path", path)) || virAsprintf(&extra, "path path=%s rdev=%s acl=%s", @@ -344,7 +344,7 @@ qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup, goto cleanup; } - qemuAuditCgroup(vm, cgroup, reason, extra, rc == 0); + virDomainAuditCgroup(vm, cgroup, reason, extra, rc == 0); cleanup: VIR_FREE(extra); @@ -353,7 +353,7 @@ cleanup: } /** - * qemuAuditResource: + * virDomainAuditResource: * @vm: domain making an integer resource change * @resource: name of the resource: "mem" or "vcpu" * @oldval: the old value of the resource @@ -364,9 +364,9 @@ cleanup: * Log an audit message about an attempted resource change. */ static void -qemuAuditResource(virDomainObjPtr vm, const char *resource, - unsigned long long oldval, unsigned long long newval, - const char *reason, bool success) +virDomainAuditResource(virDomainObjPtr vm, const char *resource, + unsigned long long oldval, unsigned long long newval, + const char *reason, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; @@ -386,24 +386,24 @@ qemuAuditResource(virDomainObjPtr vm, const char *resource, } void -qemuAuditMemory(virDomainObjPtr vm, - unsigned long long oldmem, unsigned long long newmem, - const char *reason, bool success) +virDomainAuditMemory(virDomainObjPtr vm, + unsigned long long oldmem, unsigned long long newmem, + const char *reason, bool success) { - return qemuAuditResource(vm, "mem", oldmem, newmem, reason, success); + return virDomainAuditResource(vm, "mem", oldmem, newmem, reason, success); } void -qemuAuditVcpu(virDomainObjPtr vm, - unsigned int oldvcpu, unsigned int newvcpu, - const char *reason, bool success) +virDomainAuditVcpu(virDomainObjPtr vm, + unsigned int oldvcpu, unsigned int newvcpu, + const char *reason, bool success) { - return qemuAuditResource(vm, "vcpu", oldvcpu, newvcpu, reason, success); + return virDomainAuditResource(vm, "vcpu", oldvcpu, newvcpu, reason, success); } static void -qemuAuditLifecycle(virDomainObjPtr vm, const char *op, - const char *reason, bool success) +virDomainAuditLifecycle(virDomainObjPtr vm, const char *op, + const char *reason, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; @@ -423,41 +423,41 @@ qemuAuditLifecycle(virDomainObjPtr vm, const char *op, void -qemuAuditDomainStart(virDomainObjPtr vm, const char *reason, bool success) +virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) { int i; for (i = 0 ; i < vm->def->ndisks ; i++) { virDomainDiskDefPtr disk = vm->def->disks[i]; if (disk->src) /* Skips CDROM without media initially inserted */ - qemuAuditDisk(vm, NULL, disk, "start", true); + virDomainAuditDisk(vm, NULL, disk, "start", true); } for (i = 0 ; i < vm->def->nnets ; i++) { virDomainNetDefPtr net = vm->def->nets[i]; - qemuAuditNet(vm, NULL, net, "start", true); + virDomainAuditNet(vm, NULL, net, "start", true); } for (i = 0 ; i < vm->def->nhostdevs ; i++) { virDomainHostdevDefPtr hostdev = vm->def->hostdevs[i]; - qemuAuditHostdev(vm, hostdev, "start", true); + virDomainAuditHostdev(vm, hostdev, "start", true); } - qemuAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true); - qemuAuditVcpu(vm, 0, vm->def->vcpus, "start", true); + virDomainAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true); + virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true); - qemuAuditLifecycle(vm, "start", reason, success); + virDomainAuditLifecycle(vm, "start", reason, success); } void -qemuAuditDomainStop(virDomainObjPtr vm, const char *reason) +virDomainAuditStop(virDomainObjPtr vm, const char *reason) { - qemuAuditLifecycle(vm, "stop", reason, true); + virDomainAuditLifecycle(vm, "stop", reason, true); } void -qemuAuditSecurityLabel(virDomainObjPtr vm, bool success) +virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h new file mode 100644 index 0000000000..44da344e3d --- /dev/null +++ b/src/conf/domain_audit.h @@ -0,0 +1,99 @@ +/* + * domain_audit.c: Domain audit management + * + * Copyright (C) 2006-2011 Red Hat, Inc. + * Copyright (C) 2006 Daniel P. Berrange + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Author: Daniel P. Berrange + */ + +#ifndef __VIR_DOMAIN_AUDIT_H__ +# define __VIR_DOMAIN_AUDIT_H__ + +# include "domain_conf.h" +# include "cgroup.h" + +void virDomainAuditStart(virDomainObjPtr vm, + const char *reason, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); +void virDomainAuditStop(virDomainObjPtr vm, + const char *reason) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); +void virDomainAuditDisk(virDomainObjPtr vm, + virDomainDiskDefPtr oldDef, + virDomainDiskDefPtr newDef, + const char *reason, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditNet(virDomainObjPtr vm, + virDomainNetDefPtr oldDef, + virDomainNetDefPtr newDef, + const char *reason, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditNetDevice(virDomainDefPtr vmDef, + virDomainNetDefPtr netDef, + const char *device, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); +void virDomainAuditHostdev(virDomainObjPtr vm, + virDomainHostdevDefPtr def, + const char *reason, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); +void virDomainAuditCgroup(virDomainObjPtr vm, + virCgroupPtr group, + const char *reason, + const char *extra, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4); +void virDomainAuditCgroupMajor(virDomainObjPtr vm, + virCgroupPtr group, + const char *reason, + int maj, + const char *name, + const char *perms, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6); +void virDomainAuditCgroupPath(virDomainObjPtr vm, + virCgroupPtr group, + const char *reason, + const char *path, + const char *perms, + int rc) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); +void virDomainAuditMemory(virDomainObjPtr vm, + unsigned long long oldmem, + unsigned long long newmem, + const char *reason, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditVcpu(virDomainObjPtr vm, + unsigned int oldvcpu, + unsigned int newvcpu, + const char *reason, + bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditSecurityLabel(virDomainObjPtr vm, + bool success) + ATTRIBUTE_NONNULL(1); + +#endif /* __VIR_DOMAIN_AUDIT_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 2050e5e915..e3627e5280 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -202,6 +202,21 @@ dnsmasqReload; dnsmasqSave; +# domain_audit.h +virDomainAuditCgroup; +virDomainAuditCgroupMajor; +virDomainAuditCgroupPath; +virDomainAuditDisk; +virDomainAuditHostdev; +virDomainAuditMemory; +virDomainAuditNet; +virDomainAuditNetDevice; +virDomainAuditSecurityLabel; +virDomainAuditStart; +virDomainAuditStop; +virDomainAuditVcpu; + + # domain_conf.h virDiskNameToBusDeviceIndex; virDiskNameToIndex; diff --git a/src/qemu/qemu_audit.h b/src/qemu/qemu_audit.h deleted file mode 100644 index 14c7da5d29..0000000000 --- a/src/qemu/qemu_audit.h +++ /dev/null @@ -1,99 +0,0 @@ -/* - * qemu_audit.h: QEMU audit management - * - * Copyright (C) 2006-2011 Red Hat, Inc. - * Copyright (C) 2006 Daniel P. Berrange - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Author: Daniel P. Berrange - */ - -#ifndef __QEMU_AUDIT_H__ -# define __QEMU_AUDIT_H__ - -# include "domain_conf.h" -# include "cgroup.h" - -void qemuAuditDomainStart(virDomainObjPtr vm, - const char *reason, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); -void qemuAuditDomainStop(virDomainObjPtr vm, - const char *reason) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); -void qemuAuditDisk(virDomainObjPtr vm, - virDomainDiskDefPtr oldDef, - virDomainDiskDefPtr newDef, - const char *reason, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); -void qemuAuditNet(virDomainObjPtr vm, - virDomainNetDefPtr oldDef, - virDomainNetDefPtr newDef, - const char *reason, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); -void qemuAuditNetDevice(virDomainDefPtr vmDef, - virDomainNetDefPtr netDef, - const char *device, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); -void qemuAuditHostdev(virDomainObjPtr vm, - virDomainHostdevDefPtr def, - const char *reason, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); -void qemuAuditCgroup(virDomainObjPtr vm, - virCgroupPtr group, - const char *reason, - const char *extra, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) - ATTRIBUTE_NONNULL(4); -void qemuAuditCgroupMajor(virDomainObjPtr vm, - virCgroupPtr group, - const char *reason, - int maj, - const char *name, - const char *perms, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) - ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6); -void qemuAuditCgroupPath(virDomainObjPtr vm, - virCgroupPtr group, - const char *reason, - const char *path, - const char *perms, - int rc) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) - ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); -void qemuAuditMemory(virDomainObjPtr vm, - unsigned long long oldmem, - unsigned long long newmem, - const char *reason, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); -void qemuAuditVcpu(virDomainObjPtr vm, - unsigned int oldvcpu, - unsigned int newvcpu, - const char *reason, - bool success) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); -void qemuAuditSecurityLabel(virDomainObjPtr vm, - bool success) - ATTRIBUTE_NONNULL(1); - -#endif /* __QEMU_AUDIT_H__ */ diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1298924613..b357852bd5 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -29,7 +29,7 @@ #include "memory.h" #include "virterror_internal.h" #include "util.h" -#include "qemu_audit.h" +#include "domain_audit.h" #define VIR_FROM_THIS VIR_FROM_QEMU @@ -70,8 +70,8 @@ qemuSetupDiskPathAllow(virDomainDiskDefPtr disk, rc = virCgroupAllowDevicePath(data->cgroup, path, (disk->readonly ? VIR_CGROUP_DEVICE_READ : VIR_CGROUP_DEVICE_RW)); - qemuAuditCgroupPath(data->vm, data->cgroup, "allow", path, - disk->readonly ? "r" : "rw", rc); + virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path, + disk->readonly ? "r" : "rw", rc); if (rc < 0) { if (rc == -EACCES) { /* Get this for root squash NFS */ VIR_DEBUG("Ignoring EACCES for %s", path); @@ -112,7 +112,7 @@ qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED, VIR_DEBUG("Process path %s for disk", path); rc = virCgroupDenyDevicePath(data->cgroup, path, VIR_CGROUP_DEVICE_RWM); - qemuAuditCgroupPath(data->vm, data->cgroup, "deny", path, "rwm", rc); + virDomainAuditCgroupPath(data->vm, data->cgroup, "deny", path, "rwm", rc); if (rc < 0) { if (rc == -EACCES) { /* Get this for root squash NFS */ VIR_DEBUG("Ignoring EACCES for %s", path); @@ -156,8 +156,8 @@ qemuSetupChardevCgroup(virDomainDefPtr def, VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path); rc = virCgroupAllowDevicePath(data->cgroup, dev->source.data.file.path, VIR_CGROUP_DEVICE_RW); - qemuAuditCgroupPath(data->vm, data->cgroup, "allow", - dev->source.data.file.path, "rw", rc); + virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", + dev->source.data.file.path, "rw", rc); if (rc < 0) { virReportSystemError(-rc, _("Unable to allow device %s for %s"), @@ -179,7 +179,7 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED, VIR_DEBUG("Process path '%s' for USB device", path); rc = virCgroupAllowDevicePath(data->cgroup, path, VIR_CGROUP_DEVICE_RW); - qemuAuditCgroupPath(data->vm, data->cgroup, "allow", path, "rw", rc); + virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path, "rw", rc); if (rc < 0) { virReportSystemError(-rc, _("Unable to allow device %s"), @@ -215,7 +215,7 @@ int qemuSetupCgroup(struct qemud_driver *driver, if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) { qemuCgroupData data = { vm, cgroup }; rc = virCgroupDenyAllDevices(cgroup); - qemuAuditCgroup(vm, cgroup, "deny", "all", rc == 0); + virDomainAuditCgroup(vm, cgroup, "deny", "all", rc == 0); if (rc != 0) { if (rc == -EPERM) { VIR_WARN("Group devices ACL is not accessible, disabling whitelisting"); @@ -234,8 +234,8 @@ int qemuSetupCgroup(struct qemud_driver *driver, rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR, VIR_CGROUP_DEVICE_RW); - qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR, - "pty", "rw", rc == 0); + virDomainAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR, + "pty", "rw", rc == 0); if (rc != 0) { virReportSystemError(-rc, "%s", _("unable to allow /dev/pts/ devices")); @@ -249,8 +249,8 @@ int qemuSetupCgroup(struct qemud_driver *driver, (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) { rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR, VIR_CGROUP_DEVICE_RW); - qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_SND_MAJOR, - "sound", "rw", rc == 0); + virDomainAuditCgroupMajor(vm, cgroup, "allow", DEVICE_SND_MAJOR, + "sound", "rw", rc == 0); if (rc != 0) { virReportSystemError(-rc, "%s", _("unable to allow /dev/snd/ devices")); @@ -261,7 +261,7 @@ int qemuSetupCgroup(struct qemud_driver *driver, for (i = 0; deviceACL[i] != NULL ; i++) { rc = virCgroupAllowDevicePath(cgroup, deviceACL[i], VIR_CGROUP_DEVICE_RW); - qemuAuditCgroupPath(vm, cgroup, "allow", deviceACL[i], "rw", rc); + virDomainAuditCgroupPath(vm, cgroup, "allow", deviceACL[i], "rw", rc); if (rc < 0 && rc != -ENOENT) { virReportSystemError(-rc, diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index b6f9317514..a3bce4ac58 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -35,7 +35,7 @@ #include "uuid.h" #include "c-ctype.h" #include "domain_nwfilter.h" -#include "qemu_audit.h" +#include "domain_audit.h" #include "domain_conf.h" #include @@ -130,7 +130,7 @@ qemuPhysIfaceConnect(virDomainDefPtr def, &net->data.direct.virtPortProfile, &res_ifname, vmop, driver->stateDir); if (rc >= 0) { - qemuAuditNetDevice(def, net, res_ifname, true); + virDomainAuditNetDevice(def, net, res_ifname, true); VIR_FREE(net->ifname); net->ifname = res_ifname; } @@ -255,7 +255,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def, tapmac[0] = 0xFE; /* Discourage bridge from using TAP dev MAC */ err = brAddTap(driver->brctl, brname, &net->ifname, tapmac, vnet_hdr, true, &tapfd); - qemuAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0); + virDomainAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0); if (err) { if (err == ENOTSUP) { /* In this particular case, give a better diagnostic. */ @@ -346,7 +346,7 @@ qemuOpenVhostNet(virDomainDefPtr def, } *vhostfd = open("/dev/vhost-net", O_RDWR); - qemuAuditNetDevice(def, net, "/dev/vhost-net", *vhostfd >= 0); + virDomainAuditNetDevice(def, net, "/dev/vhost-net", *vhostfd >= 0); /* If the config says explicitly to use vhost and we couldn't open it, * report an error. diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1ff9c25a23..0ea182d459 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -55,7 +55,6 @@ #include "qemu_hotplug.h" #include "qemu_monitor.h" #include "qemu_bridge_filter.h" -#include "qemu_audit.h" #include "qemu_process.h" #include "qemu_migration.h" @@ -70,6 +69,7 @@ #include "memory.h" #include "uuid.h" #include "domain_conf.h" +#include "domain_audit.h" #include "node_device_conf.h" #include "pci.h" #include "hostusb.h" @@ -1286,7 +1286,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml, (flags & VIR_DOMAIN_START_PAUSED) != 0, (flags & VIR_DOMAIN_START_AUTODESTROY) != 0, -1, NULL, VIR_VM_OP_CREATE) < 0) { - qemuAuditDomainStart(vm, "booted", false); + virDomainAuditStart(vm, "booted", false); if (qemuDomainObjEndJob(vm) > 0) virDomainRemoveInactive(&driver->domains, vm); @@ -1297,7 +1297,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml, event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED, VIR_DOMAIN_EVENT_STARTED_BOOTED); - qemuAuditDomainStart(vm, "booted", true); + virDomainAuditStart(vm, "booted", true); dom = virGetDomain(conn, vm->def->name, vm->def->uuid); if (dom) dom->id = vm->def->id; @@ -1589,7 +1589,7 @@ static int qemudDomainDestroy(virDomainPtr dom) { event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_DESTROYED); - qemuAuditDomainStop(vm, "destroyed"); + virDomainAuditStop(vm, "destroyed"); if (!vm->persistent) { if (qemuDomainObjEndJob(vm) > 0) @@ -1757,8 +1757,8 @@ static int qemudDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem, qemuDomainObjEnterMonitor(vm); r = qemuMonitorSetBalloon(priv->mon, newmem); qemuDomainObjExitMonitor(vm); - qemuAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update", - r == 1); + virDomainAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update", + r == 1); if (r < 0) goto endjob; @@ -2293,7 +2293,7 @@ static int qemudDomainSaveFlag(struct qemud_driver *driver, virDomainPtr dom, /* Shut it down */ qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_SAVED); - qemuAuditDomainStop(vm, "saved"); + virDomainAuditStop(vm, "saved"); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_SAVED); @@ -2652,7 +2652,7 @@ static int qemudDomainCoreDump(virDomainPtr dom, endjob: if ((ret == 0) && (flags & VIR_DUMP_CRASH)) { qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_CRASHED); - qemuAuditDomainStop(vm, "crashed"); + virDomainAuditStop(vm, "crashed"); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_CRASHED); @@ -2888,7 +2888,7 @@ static int qemudDomainHotplugVcpus(virDomainObjPtr vm, unsigned int nvcpus) cleanup: qemuDomainObjExitMonitor(vm); vm->def->vcpus = vcpus; - qemuAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1); + virDomainAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1); return ret; unsupported: @@ -3696,14 +3696,14 @@ qemuDomainSaveImageStartVM(virConnectPtr conn, } if (ret < 0) { - qemuAuditDomainStart(vm, "restored", false); + virDomainAuditStart(vm, "restored", false); goto out; } event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED, VIR_DOMAIN_EVENT_STARTED_RESTORED); - qemuAuditDomainStart(vm, "restored", true); + virDomainAuditStart(vm, "restored", true); if (event) qemuDomainEventQueue(driver, event); @@ -4058,7 +4058,7 @@ static int qemudDomainObjStart(virConnectPtr conn, ret = qemuProcessStart(conn, driver, vm, NULL, start_paused, autodestroy, -1, NULL, VIR_VM_OP_CREATE); - qemuAuditDomainStart(vm, "booted", ret >= 0); + virDomainAuditStart(vm, "booted", ret >= 0); if (ret >= 0) { virDomainEventPtr event = virDomainEventNewFromObj(vm, @@ -8021,7 +8021,7 @@ static int qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, rc = qemuProcessStart(snapshot->domain->conn, driver, vm, NULL, false, false, -1, NULL, VIR_VM_OP_CREATE); - qemuAuditDomainStart(vm, "from-snapshot", rc >= 0); + virDomainAuditStart(vm, "from-snapshot", rc >= 0); if (qemuDomainSnapshotSetCurrentInactive(vm, driver->snapshotDir) < 0) goto endjob; if (rc < 0) @@ -8058,7 +8058,7 @@ static int qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, if (virDomainObjIsActive(vm)) { qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_FROM_SNAPSHOT); - qemuAuditDomainStop(vm, "from-snapshot"); + virDomainAuditStop(vm, "from-snapshot"); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT); diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 58689f688a..ce56241c23 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -29,8 +29,8 @@ #include "qemu_domain.h" #include "qemu_command.h" #include "qemu_bridge_filter.h" -#include "qemu_audit.h" #include "qemu_hostdev.h" +#include "domain_audit.h" #include "domain_nwfilter.h" #include "logging.h" #include "virterror_internal.h" @@ -113,7 +113,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver, } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditDisk(vm, origdisk, disk, "update", ret >= 0); + virDomainAuditDisk(vm, origdisk, disk, "update", ret >= 0); if (ret < 0) goto error; @@ -223,7 +223,7 @@ int qemuDomainAttachPciDiskDevice(struct qemud_driver *driver, } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0); + virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0); if (ret < 0) goto error; @@ -467,7 +467,7 @@ int qemuDomainAttachSCSIDisk(struct qemud_driver *driver, } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0); + virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0); if (ret < 0) goto error; @@ -559,7 +559,7 @@ int qemuDomainAttachUsbMassstorageDevice(struct qemud_driver *driver, } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0); + virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0); if (ret < 0) goto error; @@ -681,14 +681,14 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, if (qemuMonitorAddNetdev(priv->mon, netstr, tapfd, tapfd_name, vhostfd, vhostfd_name) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, NULL, net, "attach", false); + virDomainAuditNet(vm, NULL, net, "attach", false); goto cleanup; } } else { if (qemuMonitorAddHostNetwork(priv->mon, netstr, tapfd, tapfd_name, vhostfd, vhostfd_name) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, NULL, net, "attach", false); + virDomainAuditNet(vm, NULL, net, "attach", false); goto cleanup; } } @@ -715,14 +715,14 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) { if (qemuMonitorAddDevice(priv->mon, nicstr) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, NULL, net, "attach", false); + virDomainAuditNet(vm, NULL, net, "attach", false); goto try_remove; } } else { if (qemuMonitorAddPCINetwork(priv->mon, nicstr, &guestAddr) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, NULL, net, "attach", false); + virDomainAuditNet(vm, NULL, net, "attach", false); goto try_remove; } net->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI; @@ -730,7 +730,7 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, NULL, net, "attach", true); + virDomainAuditNet(vm, NULL, net, "attach", true); ret = 0; @@ -857,7 +857,7 @@ int qemuDomainAttachHostPciDevice(struct qemud_driver *driver, hostdev->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI; memcpy(&hostdev->info.addr.pci, &guestAddr, sizeof(guestAddr)); } - qemuAuditHostdev(vm, hostdev, "attach", ret == 0); + virDomainAuditHostdev(vm, hostdev, "attach", ret == 0); if (ret < 0) goto error; @@ -937,7 +937,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver, hostdev->source.subsys.u.usb.bus, hostdev->source.subsys.u.usb.device); qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditHostdev(vm, hostdev, "attach", ret == 0); + virDomainAuditHostdev(vm, hostdev, "attach", ret == 0); if (ret < 0) goto error; @@ -1246,14 +1246,14 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver, if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) { if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { qemuDomainObjExitMonitor(vm); - qemuAuditDisk(vm, detach, NULL, "detach", false); + virDomainAuditDisk(vm, detach, NULL, "detach", false); goto cleanup; } } else { if (qemuMonitorRemovePCIDevice(priv->mon, &detach->info.addr.pci) < 0) { qemuDomainObjExitMonitor(vm); - qemuAuditDisk(vm, detach, NULL, "detach", false); + virDomainAuditDisk(vm, detach, NULL, "detach", false); goto cleanup; } } @@ -1263,7 +1263,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver, qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditDisk(vm, detach, NULL, "detach", true); + virDomainAuditDisk(vm, detach, NULL, "detach", true); if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) && qemuDomainPCIAddressReleaseSlot(priv->pciaddrs, @@ -1341,7 +1341,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver, qemuDomainObjEnterMonitorWithDriver(driver, vm); if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { qemuDomainObjExitMonitor(vm); - qemuAuditDisk(vm, detach, NULL, "detach", false); + virDomainAuditDisk(vm, detach, NULL, "detach", false); goto cleanup; } @@ -1350,7 +1350,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver, qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditDisk(vm, detach, NULL, "detach", true); + virDomainAuditDisk(vm, detach, NULL, "detach", true); virDomainDiskRemove(vm->def, i); @@ -1575,14 +1575,14 @@ int qemuDomainDetachNetDevice(struct qemud_driver *driver, if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) { if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) { qemuDomainObjExitMonitor(vm); - qemuAuditNet(vm, detach, NULL, "detach", false); + virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } } else { if (qemuMonitorRemovePCIDevice(priv->mon, &detach->info.addr.pci) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, detach, NULL, "detach", false); + virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } } @@ -1591,19 +1591,19 @@ int qemuDomainDetachNetDevice(struct qemud_driver *driver, qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) { if (qemuMonitorRemoveNetdev(priv->mon, hostnet_name) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, detach, NULL, "detach", false); + virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } } else { if (qemuMonitorRemoveHostNetwork(priv->mon, vlan, hostnet_name) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, detach, NULL, "detach", false); + virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditNet(vm, detach, NULL, "detach", true); + virDomainAuditNet(vm, detach, NULL, "detach", true); if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) && qemuDomainPCIAddressReleaseSlot(priv->pciaddrs, @@ -1713,7 +1713,7 @@ int qemuDomainDetachHostPciDevice(struct qemud_driver *driver, ret = qemuMonitorRemovePCIDevice(priv->mon, &detach->info.addr.pci); } qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditHostdev(vm, detach, "detach", ret == 0); + virDomainAuditHostdev(vm, detach, "detach", ret == 0); if (ret < 0) return -1; @@ -1812,7 +1812,7 @@ int qemuDomainDetachHostUsbDevice(struct qemud_driver *driver, qemuDomainObjEnterMonitorWithDriver(driver, vm); ret = qemuMonitorDelDevice(priv->mon, detach->info.alias); qemuDomainObjExitMonitorWithDriver(driver, vm); - qemuAuditHostdev(vm, detach, "detach", ret == 0); + virDomainAuditHostdev(vm, detach, "detach", ret == 0); if (ret < 0) return -1; diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 1bca4b832e..05c10138b2 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -30,9 +30,9 @@ #include "qemu_domain.h" #include "qemu_process.h" #include "qemu_capabilities.h" -#include "qemu_audit.h" #include "qemu_cgroup.h" +#include "domain_audit.h" #include "logging.h" #include "virterror_internal.h" #include "memory.h" @@ -1131,7 +1131,7 @@ qemuMigrationPrepareTunnel(struct qemud_driver *driver, true, dataFD[0], NULL, VIR_VM_OP_MIGRATE_IN_START); if (internalret < 0) { - qemuAuditDomainStart(vm, "migrated", false); + virDomainAuditStart(vm, "migrated", false); /* Note that we don't set an error here because qemuProcessStart * should have already done that. */ @@ -1143,7 +1143,7 @@ qemuMigrationPrepareTunnel(struct qemud_driver *driver, } if (virFDStreamOpen(st, dataFD[1]) < 0) { - qemuAuditDomainStart(vm, "migrated", false); + virDomainAuditStart(vm, "migrated", false); qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_FAILED); if (!vm->persistent) { if (qemuDomainObjEndJob(vm) > 0) @@ -1156,7 +1156,7 @@ qemuMigrationPrepareTunnel(struct qemud_driver *driver, } dataFD[1] = -1; /* 'st' owns the FD now & will close it */ - qemuAuditDomainStart(vm, "migrated", true); + virDomainAuditStart(vm, "migrated", true); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED, @@ -1359,7 +1359,7 @@ qemuMigrationPrepareDirect(struct qemud_driver *driver, snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port); if (qemuProcessStart(dconn, driver, vm, migrateFrom, true, true, -1, NULL, VIR_VM_OP_MIGRATE_IN_START) < 0) { - qemuAuditDomainStart(vm, "migrated", false); + virDomainAuditStart(vm, "migrated", false); /* Note that we don't set an error here because qemuProcessStart * should have already done that. */ @@ -1389,7 +1389,7 @@ qemuMigrationPrepareDirect(struct qemud_driver *driver, VIR_WARN("Unable to encode migration cookie"); } - qemuAuditDomainStart(vm, "migrated", true); + virDomainAuditStart(vm, "migrated", true); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED, VIR_DOMAIN_EVENT_STARTED_MIGRATED); @@ -2340,7 +2340,7 @@ int qemuMigrationPerform(struct qemud_driver *driver, resume = 0; } else { qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_MIGRATED); - qemuAuditDomainStop(vm, "migrated"); + virDomainAuditStop(vm, "migrated"); resume = 0; event = virDomainEventNewFromObj(vm, @@ -2505,7 +2505,7 @@ qemuMigrationFinish(struct qemud_driver *driver, */ if (v3proto) { qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED); - qemuAuditDomainStop(vm, "failed"); + virDomainAuditStop(vm, "failed"); if (newVM) { if (qemuDomainObjEndJob(vm) > 0) virDomainRemoveInactive(&driver->domains, vm); @@ -2551,7 +2551,7 @@ qemuMigrationFinish(struct qemud_driver *driver, */ if (v3proto) { qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED); - qemuAuditDomainStop(vm, "failed"); + virDomainAuditStop(vm, "failed"); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_FAILED); @@ -2587,7 +2587,7 @@ qemuMigrationFinish(struct qemud_driver *driver, qemuProcessAutoDestroyRemove(driver, vm); } else { qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED); - qemuAuditDomainStop(vm, "failed"); + virDomainAuditStop(vm, "failed"); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_FAILED); @@ -2650,7 +2650,7 @@ int qemuMigrationConfirm(struct qemud_driver *driver, */ if (retcode == 0) { qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_MIGRATED); - qemuAuditDomainStop(vm, "migrated"); + virDomainAuditStop(vm, "migrated"); event = virDomainEventNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, @@ -2730,7 +2730,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm, } rc = virCgroupAllowDevicePath(cgroup, path, VIR_CGROUP_DEVICE_RW); - qemuAuditCgroupPath(vm, cgroup, "allow", path, "rw", rc); + virDomainAuditCgroupPath(vm, cgroup, "allow", path, "rw", rc); if (rc < 0) { virReportSystemError(-rc, _("Unable to allow device %s for %s"), @@ -2819,7 +2819,7 @@ cleanup: if (cgroup != NULL) { rc = virCgroupDenyDevicePath(cgroup, path, VIR_CGROUP_DEVICE_RWM); - qemuAuditCgroupPath(vm, cgroup, "deny", path, "rwm", rc); + virDomainAuditCgroupPath(vm, cgroup, "deny", path, "rwm", rc); if (rc < 0) VIR_WARN("Unable to deny device %s for %s %d", path, vm->def->name, rc); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ff22cdeb0a..aea59afc73 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -34,7 +34,6 @@ #include "qemu_capabilities.h" #include "qemu_monitor.h" #include "qemu_command.h" -#include "qemu_audit.h" #include "qemu_hostdev.h" #include "qemu_hotplug.h" #include "qemu_bridge_filter.h" @@ -54,6 +53,7 @@ #include "c-ctype.h" #include "nodeinfo.h" #include "processinfo.h" +#include "domain_audit.h" #include "domain_nwfilter.h" #include "locking/domain_lock.h" #include "uuid.h" @@ -144,7 +144,7 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED, VIR_DOMAIN_EVENT_STOPPED, eventReason); qemuProcessStop(driver, vm, 0, stopReason); - qemuAuditDomainStop(vm, auditReason); + virDomainAuditStop(vm, auditReason); if (!vm->persistent) virDomainRemoveInactive(&driver->domains, vm); @@ -2409,10 +2409,10 @@ int qemuProcessStart(virConnectPtr conn, then generate a security label for isolation */ VIR_DEBUG("Generating domain security label (if required)"); if (virSecurityManagerGenLabel(driver->securityManager, vm) < 0) { - qemuAuditSecurityLabel(vm, false); + virDomainAuditSecurityLabel(vm, false); goto cleanup; } - qemuAuditSecurityLabel(vm, true); + virDomainAuditSecurityLabel(vm, true); /* Ensure no historical cgroup for this VM is lying around bogus * settings */ @@ -3217,7 +3217,7 @@ static void qemuProcessAutoDestroyDom(void *payload, VIR_DEBUG("Killing domain"); qemuProcessStop(data->driver, dom, 1, VIR_DOMAIN_SHUTOFF_DESTROYED); - qemuAuditDomainStop(dom, "destroyed"); + virDomainAuditStop(dom, "destroyed"); event = virDomainEventNewFromObj(dom, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_DESTROYED);