diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index efcf3c5ec0..c0da78ec5a 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -79,6 +79,7 @@ virCgroupKill; virCgroupKillRecursive; virCgroupKillPainfully; virCgroupMounted; +virCgroupPathOfController; virCgroupRemove; virCgroupSetBlkioWeight; virCgroupSetCpuShares; diff --git a/src/qemu/qemu_audit.c b/src/qemu/qemu_audit.c index 43e903a999..7a8d3ee23a 100644 --- a/src/qemu/qemu_audit.c +++ b/src/qemu/qemu_audit.c @@ -213,11 +213,13 @@ cleanup: * Log an audit message about an attempted cgroup device ACL change. */ void -qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup ATTRIBUTE_UNUSED, +qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup, const char *reason, const char *extra, bool success) { char uuidstr[VIR_UUID_STRING_BUFLEN]; char *vmname; + char *controller = NULL; + char *detail; virUUIDFormat(vm->def->uuid, uuidstr); if (!(vmname = virAuditEncode("vm", vm->def->name))) { @@ -225,11 +227,18 @@ qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup ATTRIBUTE_UNUSED, return; } + virCgroupPathOfController(cgroup, VIR_CGROUP_CONTROLLER_DEVICES, + NULL, &controller); + detail = virAuditEncode("cgroup", VIR_AUDIT_STR(controller)); + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, - "resrc=cgroup reason=%s %s uuid=%s class=%s", - reason, vmname, uuidstr, extra); + "resrc=cgroup reason=%s %s uuid=%s %s class=%s", + reason, vmname, uuidstr, + detail ? detail : "cgroup=?", extra); VIR_FREE(vmname); + VIR_FREE(controller); + VIR_FREE(detail); } /** diff --git a/src/util/cgroup.c b/src/util/cgroup.c index 8551acda0d..46358ab554 100644 --- a/src/util/cgroup.c +++ b/src/util/cgroup.c @@ -254,10 +254,10 @@ static int virCgroupDetect(virCgroupPtr group) #endif -static int virCgroupPathOfController(virCgroupPtr group, - int controller, - const char *key, - char **path) +int virCgroupPathOfController(virCgroupPtr group, + int controller, + const char *key, + char **path) { if (controller == -1) { int i; diff --git a/src/util/cgroup.h b/src/util/cgroup.h index d468cb30c6..b3c5f27f2a 100644 --- a/src/util/cgroup.h +++ b/src/util/cgroup.h @@ -40,6 +40,11 @@ int virCgroupForDomain(virCgroupPtr driver, virCgroupPtr *group, int create); +int virCgroupPathOfController(virCgroupPtr group, + int controller, + const char *key, + char **path); + int virCgroupAddTask(virCgroupPtr group, pid_t pid); int virCgroupSetBlkioWeight(virCgroupPtr group, unsigned int weight);