mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-21 20:15:17 +00:00
docs: html.in: Convert auditlog to rst
Signed-off-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
parent
0da1753ac2
commit
f5ac2714e9
@ -1,375 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<body>
|
||||
<h1>Audit log</h1>
|
||||
|
||||
<ul id="toc"></ul>
|
||||
|
||||
<h2><a id="intro">Introduction</a></h2>
|
||||
|
||||
<p>
|
||||
A number of the libvirt virtualization drivers (QEMU/KVM and LXC) include
|
||||
support for logging details of important operations to the host's audit
|
||||
subsystem. This provides administrators / auditors with a canonical historical
|
||||
record of changes to virtual machines' / containers' lifecycle states and
|
||||
their configuration. On hosts which are running the Linux audit daemon,
|
||||
the logs will usually end up in <code>/var/log/audit/audit.log</code>
|
||||
</p>
|
||||
|
||||
<h2><a id="config">Configuration</a></h2>
|
||||
|
||||
<p>
|
||||
The libvirt audit integration is enabled by default on any host which has
|
||||
the Linux audit subsystem active, and disabled otherwise. It is possible
|
||||
to alter this behaviour in the <code>/etc/libvirt/libvirtd.conf</code>
|
||||
configuration file, via the <code>audit_level</code> parameter
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li><code>audit_level=0</code> - libvirt auditing is disabled regardless
|
||||
of host audit subsystem enablement.</li>
|
||||
<li><code>audit_level=1</code> - libvirt auditing is enabled if the host
|
||||
audit subsystem is enabled, otherwise it is disabled. This is the
|
||||
default behaviour.</li>
|
||||
<li><code>audit_level=2</code> - libvirt auditing is enabled regardless
|
||||
of host audit subsystem enablement. If the host audit subsystem is
|
||||
disabled, then libvirtd will refuse to complete startup and exit with
|
||||
an error.</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
In addition to have formal messages sent to the audit subsystem it is
|
||||
possible to tell libvirt to inject messages into its own logging
|
||||
layer. This will result in messages ending up in the systemd journal
|
||||
or <code>/var/log/libvirt/libvirtd.log</code> on non-systemd hosts.
|
||||
This is disabled by default, but can be requested by setting the
|
||||
<code>audit_logging=1</code> configuration parameter in the same file
|
||||
mentioned above.
|
||||
</p>
|
||||
|
||||
<h2><a id="types">Message types</a></h2>
|
||||
|
||||
<p>
|
||||
Libvirt defines three core audit message types each of which will
|
||||
be described below. There are a number of common fields that will
|
||||
be reported for all message types.
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>pid</code></dt>
|
||||
<dd>Process ID of the libvirtd daemon generating the audit record.</dd>
|
||||
<dt><code>uid</code></dt>
|
||||
<dd>User ID of the libvirtd daemon process generating the audit record.</dd>
|
||||
<dt><code>subj</code></dt>
|
||||
<dd>Security context of the libvirtd daemon process generating the audit record.</dd>
|
||||
<dt><code>msg</code></dt>
|
||||
<dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
|
||||
</dl>
|
||||
|
||||
<p>
|
||||
Some fields in the <code>msg</code> string are common to audit records
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>virt</code></dt>
|
||||
<dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
|
||||
<dt><code>vm</code></dt>
|
||||
<dd>Host driver unique name of the guest</dd>
|
||||
<dt><code>uuid</code></dt>
|
||||
<dd>Globally unique identifier for the guest</dd>
|
||||
<dt><code>exe</code></dt>
|
||||
<dd>Path of the libvirtd daemon</dd>
|
||||
<dt><code>hostname</code></dt>
|
||||
<dd>Currently unused</dd>
|
||||
<dt><code>addr</code></dt>
|
||||
<dd>Currently unused</dd>
|
||||
<dt><code>terminal</code></dt>
|
||||
<dd>Currently unused</dd>
|
||||
<dt><code>res</code></dt>
|
||||
<dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
|
||||
</dl>
|
||||
|
||||
<h3><a id="typecontrol">VIRT_CONTROL</a></h3>
|
||||
|
||||
<p>
|
||||
Reports change in the lifecycle state of a virtual machine. The <code>msg</code>
|
||||
field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>op</code></dt>
|
||||
<dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the operation to happen</dd>
|
||||
<dt><code>vm-pid</code></dt>
|
||||
<dd>ID of the primary/leading process associated with the guest</dd>
|
||||
<dt><code>init-pid</code></dt>
|
||||
<dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
|
||||
<dt><code>pid-ns</code></dt>
|
||||
<dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
|
||||
</dl>
|
||||
|
||||
<h3><a id="typemachine">VIRT_MACHINE_ID</a></h3>
|
||||
|
||||
<p>
|
||||
Reports the association of a security context with a guest. The <code>msg</code>
|
||||
field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>model</code></dt>
|
||||
<dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
|
||||
<dt><code>vm-ctx</code></dt>
|
||||
<dd>Security context for the guest process</dd>
|
||||
<dt><code>img-ctx</code></dt>
|
||||
<dd>Security context for the guest disk images and other assigned host resources</dd>
|
||||
</dl>
|
||||
|
||||
<h3><a id="typeresource">VIRT_RESOURCE</a></h3>
|
||||
|
||||
<p>
|
||||
Reports the usage of a host resource by a guest. The fields include will
|
||||
vary according to the type of device being reported. When the guest is
|
||||
initially booted records will be generated for all assigned resources.
|
||||
If any changes are made to the running guest configuration, for example
|
||||
hotplug devices, or adjust resources allocation, further records will
|
||||
be generated.
|
||||
</p>
|
||||
|
||||
<h4><a id="typeresourcevcpu">Virtual CPU</a></h4>
|
||||
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>vcpu</code></dd>
|
||||
<dt><code>old-vcpu</code></dt>
|
||||
<dd>Original vCPU count, or 0</dd>
|
||||
<dt><code>new-vcpu</code></dt>
|
||||
<dd>Updated vCPU count</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h4><a id="typeresourcemem">Memory</a></h4>
|
||||
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>mem</code></dd>
|
||||
<dt><code>old-mem</code></dt>
|
||||
<dd>Original memory size in bytes, or 0</dd>
|
||||
<dt><code>new-mem</code></dt>
|
||||
<dd>Updated memory size in bytes</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcedisk">Disk</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>disk</code></dd>
|
||||
<dt><code>old-disk</code></dt>
|
||||
<dd>Original host file or device path acting as the disk backing file</dd>
|
||||
<dt><code>new-disk</code></dt>
|
||||
<dd>Updated host file or device path acting as the disk backing file</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcenic">Network interface</a></h4>
|
||||
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>net</code></dd>
|
||||
<dt><code>old-net</code></dt>
|
||||
<dd>Original MAC address of the guest network interface</dd>
|
||||
<dt><code>new-net</code></dt>
|
||||
<dd>Updated MAC address of the guest network interface</dd>
|
||||
</dl>
|
||||
|
||||
<p>
|
||||
If there is a host network interface associated with the guest NIC then
|
||||
further records may be generated
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>net</code></dd>
|
||||
<dt><code>net</code></dt>
|
||||
<dd>MAC address of the host network interface</dd>
|
||||
<dt><code>rdev</code></dt>
|
||||
<dd>Name of the host network interface</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcefs">Filesystem</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>fs</code></dd>
|
||||
<dt><code>old-fs</code></dt>
|
||||
<dd>Original host directory, file or device path backing the filesystem </dd>
|
||||
<dt><code>new-fs</code></dt>
|
||||
<dd>Updated host directory, file or device path backing the filesystem</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcehost">Host device</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
|
||||
<dt><code>dev</code></dt>
|
||||
<dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
|
||||
<dt><code>disk</code></dt>
|
||||
<dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
|
||||
<dt><code>chardev</code></dt>
|
||||
<dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcetpm">TPM</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>tpm</code> or <code>tpm-emulator</code></dd>
|
||||
<dt><code>device</code></dt>
|
||||
<dd>The path of the host TPM device assigned to the guest</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcerng">RNG</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>rng</code></dd>
|
||||
<dt><code>old-rng</code></dt>
|
||||
<dd>Original path of the host entropy source for the RNG</dd>
|
||||
<dt><code>new-rng</code></dt>
|
||||
<dd>Updated path of the host entropy source for the RNG</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcechardev">console/serial/parallel/channel</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>chardev</code></dd>
|
||||
<dt><code>old-chardev</code></dt>
|
||||
<dd>Original path of the backing character device for given emulated device</dd>
|
||||
<dt><code>new-chardev</code></dt>
|
||||
<dd>Updated path of the backing character device for given emulated device</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcesmartcard">smartcard</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>smartcard</code></dd>
|
||||
<dt><code>old-smartcard</code></dt>
|
||||
<dd>Original path of the backing character device, certificate store or
|
||||
"nss-smartcard-device" for host smartcard passthrough.
|
||||
</dd>
|
||||
<dt><code>new-smartcard</code></dt>
|
||||
<dd>Updated path of the backing character device, certificate store or
|
||||
"nss-smartcard-device" for host smartcard passthrough.
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourceredir">Redirected device</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>redir</code></dd>
|
||||
<dt><code>bus</code></dt>
|
||||
<dd>The bus type, only <code>usb</code> allowed</dd>
|
||||
<dt><code>device</code></dt>
|
||||
<dd>The device type, only <code>USB redir</code> allowed</dd>
|
||||
</dl>
|
||||
|
||||
<h4><a id="typeresourcecgroup">Control group</a></h4>
|
||||
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>cgroup</code></dd>
|
||||
<dt><code>cgroup</code></dt>
|
||||
<dd>The name of the cgroup controller</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h4><a id="typeresourceshmem">Shared memory</a></h4>
|
||||
<p>
|
||||
The <code>msg</code> field will include the following sub-fields
|
||||
</p>
|
||||
|
||||
<dl>
|
||||
<dt><code>resrc</code></dt>
|
||||
<dd>The type of resource assigned. Set to <code>shmem</code></dd>
|
||||
<dt><code>reason</code></dt>
|
||||
<dd>The reason which caused the resource to be assigned to happen</dd>
|
||||
<dt><code>size</code></dt>
|
||||
<dd>The size of the shared memory region</dd>
|
||||
<dt><code>shmem</code></dt>
|
||||
<dd>Name of the shared memory region</dd>
|
||||
<dt><code>source</code></dt>
|
||||
<dd>Path of the backing character device for given emulated device</dd>
|
||||
</dl>
|
||||
|
||||
</body>
|
||||
</html>
|
321
docs/auditlog.rst
Normal file
321
docs/auditlog.rst
Normal file
@ -0,0 +1,321 @@
|
||||
=========
|
||||
Audit log
|
||||
=========
|
||||
|
||||
.. contents::
|
||||
|
||||
Introduction
|
||||
------------
|
||||
|
||||
A number of the libvirt virtualization drivers (QEMU/KVM and LXC)
|
||||
include support for logging details of important operations to the
|
||||
host's audit subsystem. This provides administrators / auditors with a
|
||||
canonical historical record of changes to virtual machines' /
|
||||
containers' lifecycle states and their configuration. On hosts which are
|
||||
running the Linux audit daemon, the logs will usually end up in
|
||||
``/var/log/audit/audit.log``
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
The libvirt audit integration is enabled by default on any host which
|
||||
has the Linux audit subsystem active, and disabled otherwise. It is
|
||||
possible to alter this behaviour in the ``/etc/libvirt/libvirtd.conf``
|
||||
configuration file, via the ``audit_level`` parameter
|
||||
|
||||
- ``audit_level=0`` - libvirt auditing is disabled regardless of host
|
||||
audit subsystem enablement.
|
||||
- ``audit_level=1`` - libvirt auditing is enabled if the host audit
|
||||
subsystem is enabled, otherwise it is disabled. This is the default
|
||||
behaviour.
|
||||
- ``audit_level=2`` - libvirt auditing is enabled regardless of host
|
||||
audit subsystem enablement. If the host audit subsystem is disabled,
|
||||
then libvirtd will refuse to complete startup and exit with an error.
|
||||
|
||||
In addition to have formal messages sent to the audit subsystem it is
|
||||
possible to tell libvirt to inject messages into its own logging layer.
|
||||
This will result in messages ending up in the systemd journal or
|
||||
``/var/log/libvirt/libvirtd.log`` on non-systemd hosts. This is disabled
|
||||
by default, but can be requested by setting the ``audit_logging=1``
|
||||
configuration parameter in the same file mentioned above.
|
||||
|
||||
Message types
|
||||
-------------
|
||||
|
||||
Libvirt defines three core audit message types each of which will be
|
||||
described below. There are a number of common fields that will be
|
||||
reported for all message types.
|
||||
|
||||
``pid``
|
||||
Process ID of the libvirtd daemon generating the audit record.
|
||||
``uid``
|
||||
User ID of the libvirtd daemon process generating the audit record.
|
||||
``subj``
|
||||
Security context of the libvirtd daemon process generating the audit
|
||||
record.
|
||||
``msg``
|
||||
String containing a list of key=value pairs specific to the type of
|
||||
audit record being reported.
|
||||
|
||||
Some fields in the ``msg`` string are common to audit records
|
||||
|
||||
``virt``
|
||||
Type of virtualization driver used. One of ``qemu`` or ``lxc``
|
||||
``vm``
|
||||
Host driver unique name of the guest
|
||||
``uuid``
|
||||
Globally unique identifier for the guest
|
||||
``exe``
|
||||
Path of the libvirtd daemon
|
||||
``hostname``
|
||||
Currently unused
|
||||
``addr``
|
||||
Currently unused
|
||||
``terminal``
|
||||
Currently unused
|
||||
``res``
|
||||
Result of the action, either ``success`` or ``failed``
|
||||
|
||||
VIRT_CONTROL
|
||||
~~~~~~~~~~~~
|
||||
|
||||
Reports change in the lifecycle state of a virtual machine. The ``msg``
|
||||
field will include the following sub-fields
|
||||
|
||||
``op``
|
||||
Type of operation performed. One of ``start``, ``stop`` or ``init``
|
||||
``reason``
|
||||
The reason which caused the operation to happen
|
||||
``vm-pid``
|
||||
ID of the primary/leading process associated with the guest
|
||||
``init-pid``
|
||||
ID of the ``init`` process in a container. Only if ``op=init`` and
|
||||
``virt=lxc``
|
||||
``pid-ns``
|
||||
Namespace ID of the ``init`` process in a container. Only if
|
||||
``op=init`` and ``virt=lxc``
|
||||
|
||||
VIRT_MACHINE_ID
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
Reports the association of a security context with a guest. The ``msg``
|
||||
field will include the following sub-fields
|
||||
|
||||
``model``
|
||||
The security driver type. One of ``selinux`` or ``apparmor``
|
||||
``vm-ctx``
|
||||
Security context for the guest process
|
||||
``img-ctx``
|
||||
Security context for the guest disk images and other assigned host
|
||||
resources
|
||||
|
||||
VIRT_RESOURCE
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
Reports the usage of a host resource by a guest. The fields include will
|
||||
vary according to the type of device being reported. When the guest is
|
||||
initially booted records will be generated for all assigned resources.
|
||||
If any changes are made to the running guest configuration, for example
|
||||
hotplug devices, or adjust resources allocation, further records will be
|
||||
generated.
|
||||
|
||||
Virtual CPU
|
||||
^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``vcpu``
|
||||
``old-vcpu``
|
||||
Original vCPU count, or 0
|
||||
``new-vcpu``
|
||||
Updated vCPU count
|
||||
|
||||
Memory
|
||||
^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``mem``
|
||||
``old-mem``
|
||||
Original memory size in bytes, or 0
|
||||
``new-mem``
|
||||
Updated memory size in bytes
|
||||
|
||||
Disk
|
||||
^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``disk``
|
||||
``old-disk``
|
||||
Original host file or device path acting as the disk backing file
|
||||
``new-disk``
|
||||
Updated host file or device path acting as the disk backing file
|
||||
|
||||
Network interface
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``net``
|
||||
``old-net``
|
||||
Original MAC address of the guest network interface
|
||||
``new-net``
|
||||
Updated MAC address of the guest network interface
|
||||
|
||||
If there is a host network interface associated with the guest NIC then
|
||||
further records may be generated
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``net``
|
||||
``net``
|
||||
MAC address of the host network interface
|
||||
``rdev``
|
||||
Name of the host network interface
|
||||
|
||||
Filesystem
|
||||
^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``fs``
|
||||
``old-fs``
|
||||
Original host directory, file or device path backing the filesystem
|
||||
``new-fs``
|
||||
Updated host directory, file or device path backing the filesystem
|
||||
|
||||
Host device
|
||||
^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``hostdev`` or ``dev``
|
||||
``dev``
|
||||
The unique bus identifier of the USB, PCI or SCSI device, if
|
||||
``resrc=dev``
|
||||
``disk``
|
||||
The path of the block device assigned to the guest, if
|
||||
``resrc=hostdev``
|
||||
``chardev``
|
||||
The path of the character device assigned to the guest, if
|
||||
``resrc=hostdev``
|
||||
|
||||
TPM
|
||||
^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``tpm`` or ``tpm-emulator``
|
||||
``device``
|
||||
The path of the host TPM device assigned to the guest
|
||||
|
||||
RNG
|
||||
^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``rng``
|
||||
``old-rng``
|
||||
Original path of the host entropy source for the RNG
|
||||
``new-rng``
|
||||
Updated path of the host entropy source for the RNG
|
||||
|
||||
console/serial/parallel/channel
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``chardev``
|
||||
``old-chardev``
|
||||
Original path of the backing character device for given emulated
|
||||
device
|
||||
``new-chardev``
|
||||
Updated path of the backing character device for given emulated
|
||||
device
|
||||
|
||||
smartcard
|
||||
^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``smartcard``
|
||||
``old-smartcard``
|
||||
Original path of the backing character device, certificate store or
|
||||
"nss-smartcard-device" for host smartcard passthrough.
|
||||
``new-smartcard``
|
||||
Updated path of the backing character device, certificate store or
|
||||
"nss-smartcard-device" for host smartcard passthrough.
|
||||
|
||||
Redirected device
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``redir``
|
||||
``bus``
|
||||
The bus type, only ``usb`` allowed
|
||||
``device``
|
||||
The device type, only ``USB redir`` allowed
|
||||
|
||||
Control group
|
||||
^^^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``cgroup``
|
||||
``cgroup``
|
||||
The name of the cgroup controller
|
||||
|
||||
Shared memory
|
||||
^^^^^^^^^^^^^
|
||||
|
||||
The ``msg`` field will include the following sub-fields
|
||||
|
||||
``resrc``
|
||||
The type of resource assigned. Set to ``shmem``
|
||||
``reason``
|
||||
The reason which caused the resource to be assigned to happen
|
||||
``size``
|
||||
The size of the shared memory region
|
||||
``shmem``
|
||||
Name of the shared memory region
|
||||
``source``
|
||||
Path of the backing character device for given emulated device
|
@ -33,7 +33,6 @@ docs_assets = [
|
||||
docs_html_in_files = [
|
||||
'404',
|
||||
'architecture',
|
||||
'auditlog',
|
||||
'auth',
|
||||
'bindings',
|
||||
'bugs',
|
||||
@ -107,6 +106,7 @@ docs_rst_files = [
|
||||
'api_extension',
|
||||
'api',
|
||||
'apps',
|
||||
'auditlog',
|
||||
'best-practices',
|
||||
'ci',
|
||||
'coding-style',
|
||||
|
Loading…
x
Reference in New Issue
Block a user