mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-10 07:20:02 +00:00
9516a0eca3
Opening raw network devices with the intent of passing those fds to qemu is worth an audit point. This makes a multi-part audit: first, we audit the device(s) that libvirt opens on behalf of the MAC address of a to-be-created interface (which can independently succeed or fail), then we audit whether qemu actually started the network device with the same MAC (so searching backwards for successful audits with the same MAC will show which fd(s) qemu is actually using). Note that it is possible for the fd to be successfully opened but no attempt made to pass the fd to qemu (for example, because intermediate nwfilter operations failed) - no interface start audit will occur in that case; so the audit for a successful opened fd does not imply rights given to qemu unless there is a followup audit about the attempt to start a new interface. Likewise, when a network device is hot-unplugged, there is only one audit message about the MAC being discontinued; again, searching back to the earlier device open audits will show which fds that qemu quits using (and yes, I checked via /proc/<qemu-pid>/fd that qemu _does_ close out the fds associated with an interface on hot-unplug). The code would require much more refactoring to be able to definitively state which device(s) were discontinued at that point, since we currently don't record anywhere in the XML whether /dev/vhost-net was opened for a given interface. * src/qemu/qemu_audit.h (qemuAuditNetDevice): New prototype. * src/qemu/qemu_audit.c (qemuAuditNetDevice): New function. * src/qemu/qemu_command.h (qemuNetworkIfaceConnect) (qemuPhysIfaceConnect, qemuOpenVhostNet): Adjust prototype. * src/qemu/qemu_command.c (qemuNetworkIfaceConnect) (qemuPhysIfaceConnect, qemuOpenVhostNet): Add audit points and adjust parameters. (qemuBuildCommandLine): Adjust caller. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
100 lines
4.0 KiB
C
100 lines
4.0 KiB
C
/*
|
|
* qemu_audit.h: QEMU audit management
|
|
*
|
|
* Copyright (C) 2006-2011 Red Hat, Inc.
|
|
* Copyright (C) 2006 Daniel P. Berrange
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*
|
|
* Author: Daniel P. Berrange <berrange@redhat.com>
|
|
*/
|
|
|
|
#ifndef __QEMU_AUDIT_H__
|
|
# define __QEMU_AUDIT_H__
|
|
|
|
# include "domain_conf.h"
|
|
# include "cgroup.h"
|
|
|
|
void qemuAuditDomainStart(virDomainObjPtr vm,
|
|
const char *reason,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
|
|
void qemuAuditDomainStop(virDomainObjPtr vm,
|
|
const char *reason)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
|
|
void qemuAuditDisk(virDomainObjPtr vm,
|
|
virDomainDiskDefPtr oldDef,
|
|
virDomainDiskDefPtr newDef,
|
|
const char *reason,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
|
void qemuAuditNet(virDomainObjPtr vm,
|
|
virDomainNetDefPtr oldDef,
|
|
virDomainNetDefPtr newDef,
|
|
const char *reason,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
|
void qemuAuditNetDevice(virDomainDefPtr vmDef,
|
|
virDomainNetDefPtr netDef,
|
|
const char *device,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
|
|
void qemuAuditHostdev(virDomainObjPtr vm,
|
|
virDomainHostdevDefPtr def,
|
|
const char *reason,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
|
|
void qemuAuditCgroup(virDomainObjPtr vm,
|
|
virCgroupPtr group,
|
|
const char *reason,
|
|
const char *extra,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
|
|
ATTRIBUTE_NONNULL(4);
|
|
void qemuAuditCgroupMajor(virDomainObjPtr vm,
|
|
virCgroupPtr group,
|
|
const char *reason,
|
|
int maj,
|
|
const char *name,
|
|
const char *perms,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
|
|
ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6);
|
|
void qemuAuditCgroupPath(virDomainObjPtr vm,
|
|
virCgroupPtr group,
|
|
const char *reason,
|
|
const char *path,
|
|
const char *perms,
|
|
int rc)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
|
|
ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
|
|
void qemuAuditMemory(virDomainObjPtr vm,
|
|
unsigned long long oldmem,
|
|
unsigned long long newmem,
|
|
const char *reason,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
|
void qemuAuditVcpu(virDomainObjPtr vm,
|
|
unsigned int oldvcpu,
|
|
unsigned int newvcpu,
|
|
const char *reason,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
|
|
void qemuAuditSecurityLabel(virDomainObjPtr vm,
|
|
bool success)
|
|
ATTRIBUTE_NONNULL(1);
|
|
|
|
#endif /* __QEMU_AUDIT_H__ */
|