Extend the existing auditing with auditing for the TPM emulator.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx>
---
 docs/auditlog.html.in | 2 +-
 src/conf/domain_audit.c | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 9b5ef548cd..f8f0c99b23 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -264,7 +264,7 @@
 <dt><code>reason</code></dt>
 <dd>The reason which caused the resource to be assigned to happen</dd>
 <dt><code>resrc</code></dt>
- <dd>The type of resource assigned. Set to <code>tpm</code></dd>
+ <dd>The type of resource assigned. Set to <code>tpm</code> or <code>tpm-emulator</code></dd>
 <dt><code>device</code></dt>
 <dd>The path of the host TPM device assigned to the guest</dd>
 </dl>
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index b92779ce40..8335938c29 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -555,12 +555,13 @@ virDomainAuditRedirdev(virDomainObjPtr vm, virDomainRedirdevDefPtr redirdev,
 /**
 * virDomainAuditTPM:
- * @vm: domain making a change in pass-through host device
+ * @vm: domain making a change in pass-through host device or emulator
 * @tpm: TPM device being attached or removed
 * @reason: one of "start", "attach", or "detach"
- * @success: true if the device passthrough operation succeeded
+ * @success: true if the device operation succeeded
 *
- * Log an audit message about an attempted device passthrough change.
+ * Log an audit message about an attempted device passthrough or emulator
+ * change.
 */
 static void
 virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPtr tpm,
@@ -596,6 +597,15 @@ virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPtr tpm,
 virt, reason, vmname, uuidstr, device);
 break;
 case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ path = tpm->data.emulator.source.data.nix.path;
+ if (!(device = virAuditEncode("device", VIR_AUDIT_STR(path)))) {
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "virt=%s resrc=tpm-emulator reason=%s %s uuid=%s %s",
+ virt, reason, vmname, uuidstr, device);
 break;
 case VIR_DOMAIN_TPM_TYPE_LAST:
 default:
--
2.14.3
--
libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
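Review bot: In the `VIR_DOMAIN_TPM_TYPE_EMULATOR` case the `device=` field is filled from `tpm->data.emulator.source.data.nix.path`, which appears to be the emulator's UNIX socket path rather than a host TPM device node, while docs/auditlog.html.in in this same patch still describes `device` as "The path of the host TPM device assigned to the guest". Audit rules or log parsers keyed on `device=` would misread `resrc=tpm-emulator` records, so I would extend that `<dd>` to `The path of the host TPM device, or of the TPM emulator's socket, assigned to the guest` and add a comment above the assignment such as `/* emulator: device= is the emulator socket path, not a host TPM node */`. If the path is still unset when the record is written, `VIR_AUDIT_STR` substitutes a placeholder, so it is worth confirming that the "start" audit runs after the socket path has been assigned. As in the visible OOM branch, a failed `virAuditEncode` drops the audit record with only a `VIR_WARN`. The enclosing switch and the `cleanup` label lie outside the hunk.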