This patch adds auditing of resources used by the 'random' backend of virtio RNG.
---
If there's desire to audit also use of the "egd" backend that uses a generic character device, a way how to audit this device will need to be introduced. We don't audit useage of chardevs right now.
 src/conf/domain_audit.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 8cd522a..c80bdb4 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -100,6 +100,79 @@ cleanup:
 }
+static void
+virDomainAuditRNG(virDomainObjPtr vm,
+ virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef,
+ const char *reason, bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+ char *oldsrc = NULL;
+ char *newsrc = NULL;
+ const char *virt;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name)))
+ goto no_memory;
+
+ if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+ VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+ virt = "?";
+ }
+
+ if (newDef) {
+ switch (newDef->backend) {
+ case VIR_DOMAIN_RNG_BACKEND_RANDOM:
+ if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newDef->source.file))))
+ goto no_memory;
+ break;
+
+ case VIR_DOMAIN_RNG_BACKEND_EGD:
+ case VIR_DOMAIN_RNG_BACKEND_LAST:
+ if (!(newsrc = virAuditEncode("new-rng", "?")))
+ goto no_memory;
+ break;
+ }
+ } else {
+ if (!(newsrc = virAuditEncode("new-rng", "?")))
+ goto no_memory;
+ }
+
+ if (oldDef) {
+ switch (oldDef->backend) {
+ case VIR_DOMAIN_RNG_BACKEND_RANDOM:
+ if (!(oldsrc = virAuditEncode("old-rng", VIR_AUDIT_STR(oldDef->source.file))))
+ goto no_memory;
+ break;
+
+ case VIR_DOMAIN_RNG_BACKEND_EGD:
+ case VIR_DOMAIN_RNG_BACKEND_LAST:
+ if (!(oldsrc = virAuditEncode("old-rng", "?")))
+ goto no_memory;
+ break;
+ }
+ } else {
+ if (!(oldsrc = virAuditEncode("old-rng", "?")))
+ goto no_memory;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "virt=%s resrc=rng reason=%s %s uuid=%s %s %s",
+ virt, reason, vmname, uuidstr,
+ oldsrc, newsrc);
+
+cleanup:
+ VIR_FREE(vmname);
+ VIR_FREE(oldsrc);
+ VIR_FREE(newsrc);
+ return;
+
+no_memory:
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+}
+
+
 void
 virDomainAuditFS(virDomainObjPtr vm,
 virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
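Review bot: The two `switch` blocks in virDomainAuditRNG are the same code applied to newDef and oldDef, and neither has a `default:` label, so a backend value outside the three enumerated cases leaves newsrc/oldsrc NULL and that NULL is then handed to a `%s` in the VIR_AUDIT format string; whether the build's switch warnings catch a future enum addition is not visible here. Folding the encoding into one helper that returns "?" for an absent definition or any backend other than RANDOM removes the duplication and makes the fallback explicit rather than dependent on compiler diagnostics. The VIR_AUDIT call and the cleanup/no_memory labels stay as they are.
```c
/* Encode the auditable source of one RNG definition under KEY.
 * Only the 'random' backend has a path to record; every other
 * backend, and a missing definition, is reported as "?".
 * Returns NULL on OOM. */
static char *
virDomainAuditRNGSource(const char *key, virDomainRNGDefPtr def)
{
    if (def && def->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)
        return virAuditEncode(key, VIR_AUDIT_STR(def->source.file));
    return virAuditEncode(key, "?");
}

/* … unchanged: uuid/vmname/virt encoding in virDomainAuditRNG … */
    if (!(newsrc = virDomainAuditRNGSource("new-rng", newDef)) ||
        !(oldsrc = virDomainAuditRNGSource("old-rng", oldDef)))
        goto no_memory;
/* … unchanged: VIR_AUDIT call, cleanup and no_memory labels … */
```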
@@ -641,6 +714,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
 virDomainAuditRedirdev(vm, redirdev, "start", true);
 }
+ if (vm->def->rng)
+ virDomainAuditRNG(vm, vm->def->rng, NULL, "start", true);
+
 virDomainAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true);
 virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
-- 1.8.1.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
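Review bot: This start-time call is the only caller of virDomainAuditRNG in the patch, and the function is declared `static` in the first hunk, unlike the neighbouring non-static virDomainAuditFS; if any path attaches or detaches an RNG device after start, no `resrc=rng` record will be written for it. If that is intended for now, a one-line comment on the function, such as `/* Only called from virDomainAuditStart; hot-plug paths are not yet audited */`, would make the gap visible; otherwise drop `static` and declare it alongside the other virDomainAudit* helpers. virDomainAuditStart begins and ends outside this hunk.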