Since a host can run several different virtualization types at
the same time, audit messages should allow domains to be identified.
Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages
* src/conf/domain_audit.c: Identify virt type of guest
---
src/conf/domain_audit.c | 89 ++++++++++++++++++++++++++++++++++++++---------
1 files changed, 72 insertions(+), 17 deletions(-)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 20f6ddc..9b7ced7 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -67,6 +67,7 @@ virDomainAuditDisk(virDomainObjPtr vm,
char *vmname;
char *oldsrc = NULL;
char *newsrc = NULL;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -74,6 +75,11 @@ virDomainAuditDisk(virDomainObjPtr vm,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
if (!(oldsrc = virAuditEncode("old-disk",
oldDef && oldDef->src ?
oldDef->src : "?"))) {
@@ -88,8 +94,8 @@ virDomainAuditDisk(virDomainObjPtr vm,
}
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=disk reason=%s %s uuid=%s %s %s",
- reason, vmname, uuidstr,
+ "virt=%s resrc=disk reason=%s %s uuid=%s %s %s",
+ virt, reason, vmname, uuidstr,
oldsrc, newsrc);
cleanup:
@@ -108,6 +114,7 @@ virDomainAuditFS(virDomainObjPtr vm,
char *vmname;
char *oldsrc = NULL;
char *newsrc = NULL;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -115,6 +122,11 @@ virDomainAuditFS(virDomainObjPtr vm,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
if (!(oldsrc = virAuditEncode("old-fs",
oldDef && oldDef->src ?
oldDef->src : "?"))) {
@@ -129,8 +141,8 @@ virDomainAuditFS(virDomainObjPtr vm,
}
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=fs reason=%s %s uuid=%s %s %s",
- reason, vmname, uuidstr,
+ "virt=%s resrc=fs reason=%s %s uuid=%s %s %s",
+ virt, reason, vmname, uuidstr,
oldsrc, newsrc);
cleanup:
@@ -149,6 +161,7 @@ virDomainAuditNet(virDomainObjPtr vm,
char newMacstr[VIR_MAC_STRING_BUFLEN];
char oldMacstr[VIR_MAC_STRING_BUFLEN];
char *vmname;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (oldDef)
@@ -160,9 +173,14 @@ virDomainAuditNet(virDomainObjPtr vm,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=net reason=%s %s uuid=%s old-net='%s' new-net='%s'",
- reason, vmname, uuidstr,
+ "virt=%s resrc=net reason=%s %s uuid=%s old-net='%s' new-net='%s'",
+ virt, reason, vmname, uuidstr,
oldDef ? oldMacstr : "?",
newDef ? newMacstr : "?");
@@ -190,6 +208,7 @@ virDomainAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
char *vmname;
char *devname;
char *rdev;
+ const char *virt;
virUUIDFormat(vmDef->uuid, uuidstr);
virFormatMacAddr(netDef->mac, macstr);
@@ -201,9 +220,14 @@ virDomainAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
goto cleanup;
}
+ if (!(virt = virDomainVirtTypeToString(vmDef->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vmDef->virtType);
+ virt = "?";
+ }
+
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=net reason=open %s uuid=%s net='%s' %s rdev=%s",
- vmname, uuidstr, macstr, devname, VIR_AUDIT_STR(rdev));
+ "virt=%s resrc=net reason=open %s uuid=%s net='%s' %s rdev=%s",
+ virt, vmname, uuidstr, macstr, devname, VIR_AUDIT_STR(rdev));
cleanup:
VIR_FREE(vmname);
@@ -228,6 +252,7 @@ virDomainAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
char *vmname;
char *address;
char *device;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -235,6 +260,11 @@ virDomainAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
switch (hostdev->source.subsys.type) {
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
if (virAsprintf(&address, "%.4x:%.2x:%.2x.%.1x",
@@ -266,8 +296,8 @@ virDomainAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
}
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=dev reason=%s %s uuid=%s bus=%s %s",
- reason, vmname, uuidstr,
+ "virt=%s resrc=dev reason=%s %s uuid=%s bus=%s %s",
+ virt, reason, vmname, uuidstr,
virDomainHostdevSubsysTypeToString(hostdev->source.subsys.type),
device);
@@ -299,6 +329,7 @@ virDomainAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
char *vmname;
char *controller = NULL;
char *detail;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -306,14 +337,19 @@ virDomainAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
ignore_value(virCgroupPathOfController(cgroup,
VIR_CGROUP_CONTROLLER_DEVICES,
NULL, &controller));
detail = virAuditEncode("cgroup", VIR_AUDIT_STR(controller));
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=cgroup reason=%s %s uuid=%s %s class=%s",
- reason, vmname, uuidstr,
+ "virt=%s resrc=cgroup reason=%s %s uuid=%s %s class=%s",
+ virt, reason, vmname, uuidstr,
detail ? detail : "cgroup=?", extra);
VIR_FREE(vmname);
@@ -411,6 +447,7 @@ virDomainAuditResource(virDomainObjPtr vm, const char *resource,
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -418,9 +455,14 @@ virDomainAuditResource(virDomainObjPtr vm, const char *resource,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
- "resrc=%s reason=%s %s uuid=%s old-%s=%lld new-%s=%lld",
- resource, reason, vmname, uuidstr,
+ "virt=%s resrc=%s reason=%s %s uuid=%s old-%s=%lld new-%s=%lld",
+ virt, resource, reason, vmname, uuidstr,
resource, oldval, resource, newval);
VIR_FREE(vmname);
@@ -448,6 +490,7 @@ virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
@@ -456,8 +499,14 @@ virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, success,
- "op=%s reason=%s %s uuid=%s", op, reason, vmname, uuidstr);
+ "virt=%s op=%s reason=%s %s uuid=%s",
+ virt, op, reason, vmname, uuidstr);
VIR_FREE(vmname);
}
@@ -507,6 +556,7 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
+ const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
@@ -514,9 +564,14 @@ virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
return;
}
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, success,
- "%s uuid=%s vm-ctx=%s img-ctx=%s",
- vmname, uuidstr,
+ "virt=%s %s uuid=%s vm-ctx=%s img-ctx=%s",
+ virt, vmname, uuidstr,
VIR_AUDIT_STR(vm->def->seclabel.label),
VIR_AUDIT_STR(vm->def->seclabel.imagelabel));
--
1.7.4.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list