On 03/09/2011 08:19 AM, Daniel P. Berrange wrote:
> There are several devices for networking
>
>  - With type=bridge or type=network, /dev/net/tun is opened to
>    get a FD for a tap device instance
>
>  - With type=direct, /dev/tap%d is opened to get an FD for
>    a macvtap device instance
>
> In both cases, /dev/vhost-net can *also* be opened. The tun/macvtap
> device provides the connectivity to the host NIC. The vhost-net
> device provides kernel acceleration for the QEMU NIC backend
>
> So I think we need to be auditing all of these devices, if we're
> going to do any of them

Agreed, and did that in v3:
https://www.redhat.com/archives/libvir-list/2011-March/msg00416.html

>> + if (!(vmname = virAuditEncode("vm", vmDef->name)) || >> + !(devname = virAuditEncode("path", device)) || >> + !(rdev = qemuAuditGetRdev(device))) { >> + VIR_WARN0("OOM while encoding audit message"); >> + goto cleanup; >> + } >> + >> + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, >> + "resrc=net reason=%s %s uuid=%s net='%s' %s %s", >> + reason, vmname, uuidstr, >> + macstr, devname, rdev);
>
> A similar thought here about rdev as per the earlier patch
> in the series

Yep, that got fixed while rebasing on the earlier part of the series.

--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
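Review bot: in the `if` that guards the VIR_AUDIT call, a failure of any of the three operands jumps to cleanup, so the resrc=net record is never emitted and the only trace left is a VIR_WARN0 that always reports "OOM while encoding audit message". For an audit trail a silently dropped event is worse than a partial one: consider still emitting the record with a placeholder for the field that could not be built, and word the warning so it does not assert OOM when `!(rdev = qemuAuditGetRdev(device))` is the operand that failed, unless that helper can only fail on allocation (its body is not visible in this hunk). A smaller point in the same call: `reason` is formatted with a bare %s while vmname and devname go through virAuditEncode, so a short comment stating what values `reason` may take would document why it needs no encoding.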