This supercedes the unreviewed v1: https://www.redhat.com/archives/libvir-list/2011-March/msg00257.html The more I kept working on this, the more things I found that needed fixing. As it is, it's too late for me tonight, so patch 8 is currently untested, and patch 9/8 is needed to audit the hotplug devices used in 'virsh attach-interface'. But earlier patches are in good shape, so I want to start the review. Perhaps this series should be re-arranged a bit; let me know if you want the final version to see patches in any different order (although due to some of my renames, it will take me longer to do rebasing that shuffles patch order). Eric Blake (8): audit: tweak audit messages to match conventions audit: split cgroup audit types to allow more information audit: also audit cgroup controller path audit: audit use of /dev/vhost-net audit: rename remaining qemu audit functions cgroup: allow fine-tuning of device ACL permissions audit: also audit cgroup ACL permissions qemu: support vhost in attach-interface src/libvirt_private.syms | 1 + src/lxc/lxc_controller.c | 9 +- src/qemu/qemu_audit.c | 263 ++++++++++++++++++++++++++++++++++----------- src/qemu/qemu_audit.h | 83 +++++++++------ src/qemu/qemu_cgroup.c | 57 +++++----- src/qemu/qemu_command.c | 10 +- src/qemu/qemu_command.h | 5 + src/qemu/qemu_driver.c | 44 ++++---- src/qemu/qemu_hotplug.c | 94 ++++++++++++----- src/qemu/qemu_migration.c | 14 ++-- src/qemu/qemu_process.c | 6 +- src/util/cgroup.c | 63 ++++++++---- src/util/cgroup.h | 31 +++++- 13 files changed, 466 insertions(+), 214 deletions(-) -- 1.7.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list