mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-02 11:21:12 +00:00
d04916faae
Device names can be manipulated, so it is better to also log the major/minor device number corresponding to the cgroup ACL changes that libvirt made. This required some refactoring of the relatively new qemu cgroup audit code. Also, qemuSetupChardevCgroup was only auditing on failure, not success. * src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete. (qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New prototypes. * src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename... (qemuAuditCgroup): ...and drop a parameter. (qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to allow listing device major/minor in audit. (qemuAuditGetRdev): New helper function. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup) (qemuTeardownDiskPathDeny): Likewise. (qemuSetupChardevCgroup): Likewise, fixing missing audit.
75 lines
3.0 KiB
C
75 lines
3.0 KiB
C
/*
|
|
* qemu_audit.h: QEMU audit management
|
|
*
|
|
* Copyright (C) 2006-2011 Red Hat, Inc.
|
|
* Copyright (C) 2006 Daniel P. Berrange
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*
|
|
* Author: Daniel P. Berrange <berrange@redhat.com>
|
|
*/
|
|
|
|
#ifndef __QEMU_AUDIT_H__
|
|
# define __QEMU_AUDIT_H__
|
|
|
|
# include "domain_conf.h"
|
|
# include "cgroup.h"
|
|
|
|
void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success);
|
|
void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason);
|
|
void qemuDomainDiskAudit(virDomainObjPtr vm,
|
|
virDomainDiskDefPtr oldDef,
|
|
virDomainDiskDefPtr newDef,
|
|
const char *reason,
|
|
bool success);
|
|
void qemuDomainNetAudit(virDomainObjPtr vm,
|
|
virDomainNetDefPtr oldDef,
|
|
virDomainNetDefPtr newDef,
|
|
const char *reason,
|
|
bool success);
|
|
void qemuDomainHostdevAudit(virDomainObjPtr vm,
|
|
virDomainHostdevDefPtr def,
|
|
const char *reason,
|
|
bool success);
|
|
void qemuAuditCgroup(virDomainObjPtr vm,
|
|
virCgroupPtr group,
|
|
const char *reason,
|
|
const char *extra,
|
|
bool success);
|
|
void qemuAuditCgroupMajor(virDomainObjPtr vm,
|
|
virCgroupPtr group,
|
|
const char *reason,
|
|
int maj,
|
|
const char *name,
|
|
bool success);
|
|
void qemuAuditCgroupPath(virDomainObjPtr vm,
|
|
virCgroupPtr group,
|
|
const char *reason,
|
|
const char *path,
|
|
int rc);
|
|
void qemuDomainMemoryAudit(virDomainObjPtr vm,
|
|
unsigned long long oldmem,
|
|
unsigned long long newmem,
|
|
const char *reason,
|
|
bool success);
|
|
void qemuDomainVcpuAudit(virDomainObjPtr vm,
|
|
unsigned int oldvcpu,
|
|
unsigned int newvcpu,
|
|
const char *reason,
|
|
bool success);
|
|
void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success);
|
|
|
|
#endif /* __QEMU_AUDIT_H__ */
|