Add auditing of filesystems
When passing through filesystems from the host to a guest, the host filesystem passed must be audited.

* src/conf/domain_audit.{c,h}: Add virDomainAuditFS
parent
b43070ebfc
commit
e6e90c8d70
@ -99,6 +99,47 @@ cleanup:
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void
|
||||||
|
virDomainAuditFS(virDomainObjPtr vm,
|
||||||
|
virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
|
||||||
|
const char *reason, bool success)
|
||||||
|
{
|
||||||
|
char uuidstr[VIR_UUID_STRING_BUFLEN];
|
||||||
|
char *vmname;
|
||||||
|
char *oldsrc = NULL;
|
||||||
|
char *newsrc = NULL;
|
||||||
|
|
||||||
|
virUUIDFormat(vm->def->uuid, uuidstr);
|
||||||
|
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
|
||||||
|
VIR_WARN("OOM while encoding audit message");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!(oldsrc = virAuditEncode("old-fs",
|
||||||
|
oldDef && oldDef->src ?
|
||||||
|
oldDef->src : "?"))) {
|
||||||
|
VIR_WARN("OOM while encoding audit message");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
if (!(newsrc = virAuditEncode("new-fs",
|
||||||
|
newDef && newDef->src ?
|
||||||
|
newDef->src : "?"))) {
|
||||||
|
VIR_WARN("OOM while encoding audit message");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
|
||||||
|
"resrc=fs reason=%s %s uuid=%s %s %s",
|
||||||
|
reason, vmname, uuidstr,
|
||||||
|
oldsrc, newsrc);
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
VIR_FREE(vmname);
|
||||||
|
VIR_FREE(oldsrc);
|
||||||
|
VIR_FREE(newsrc);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
virDomainAuditNet(virDomainObjPtr vm,
|
virDomainAuditNet(virDomainObjPtr vm,
|
||||||
virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
|
virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
|
||||||
@ -433,6 +474,11 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
|
|||||||
virDomainAuditDisk(vm, NULL, disk, "start", true);
|
virDomainAuditDisk(vm, NULL, disk, "start", true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (i = 0 ; i < vm->def->nfss ; i++) {
|
||||||
|
virDomainFSDefPtr fs = vm->def->fss[i];
|
||||||
|
virDomainAuditFS(vm, NULL, fs, "start", true);
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0 ; i < vm->def->nnets ; i++) {
|
for (i = 0 ; i < vm->def->nnets ; i++) {
|
||||||
virDomainNetDefPtr net = vm->def->nets[i];
|
virDomainNetDefPtr net = vm->def->nets[i];
|
||||||
virDomainAuditNet(vm, NULL, net, "start", true);
|
virDomainAuditNet(vm, NULL, net, "start", true);
|
||||||
|
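Review bot: The new loop in virDomainAuditStart calls `virDomainAuditFS(vm, NULL, fs, "start", true)` with a literal reason and result, so the `reason` and `success` arguments shown in the hunk header are not carried into the per-filesystem records. This follows the disk and net calls shown as context, but a start reported with success=false would presumably still leave one successful `resrc=fs` record per host path in the audit trail, which anyone correlating those records needs to know. If that is deliberate, a short comment above the loop would say so, e.g. `/* resource records are emitted with a fixed "start"/true, as for disks and nets */`; otherwise pass `success` through. The body of virDomainAuditStart continues outside the hunk, so how the overall result is recorded is not visible here.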
@ -40,6 +40,12 @@ void virDomainAuditDisk(virDomainObjPtr vm,
|
|||||||
const char *reason,
|
const char *reason,
|
||||||
bool success)
|
bool success)
|
||||||
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
||||||
|
void virDomainAuditFS(virDomainObjPtr vm,
|
||||||
|
virDomainFSDefPtr oldDef,
|
||||||
|
virDomainFSDefPtr newDef,
|
||||||
|
const char *reason,
|
||||||
|
bool success)
|
||||||
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
||||||
void virDomainAuditNet(virDomainObjPtr vm,
|
void virDomainAuditNet(virDomainObjPtr vm,
|
||||||
virDomainNetDefPtr oldDef,
|
virDomainNetDefPtr oldDef,
|
||||||
virDomainNetDefPtr newDef,
|
virDomainNetDefPtr newDef,
|
||||||
|
@ -207,6 +207,7 @@ virDomainAuditCgroup;
|
|||||||
virDomainAuditCgroupMajor;
|
virDomainAuditCgroupMajor;
|
||||||
virDomainAuditCgroupPath;
|
virDomainAuditCgroupPath;
|
||||||
virDomainAuditDisk;
|
virDomainAuditDisk;
|
||||||
|
virDomainAuditFS;
|
||||||
virDomainAuditHostdev;
|
virDomainAuditHostdev;
|
||||||
virDomainAuditMemory;
|
virDomainAuditMemory;
|
||||||
virDomainAuditNet;
|
virDomainAuditNet;
|
||||||
|