Add startup auditing and also hotplug auditing for said devices
---
 src/conf/domain_audit.c | 35 +++++++++++++++++++++++++++++++++++
 src/conf/domain_audit.h | 7 +++++++
 src/libvirt_private.syms | 1 +
 src/qemu/qemu_hotplug.c | 17 +++++++++++------
 4 files changed, 54 insertions(+), 6 deletions(-)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index c4dcfa5..b7f8123 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -155,6 +155,29 @@ virDomainAuditGenericDev(virDomainObjPtr vm,
 void
+virDomainAuditChardev(virDomainObjPtr vm,
+ virDomainChrDefPtr oldDef,
+ virDomainChrDefPtr newDef,
+ const char *reason,
+ bool success)
+{
+ virDomainChrSourceDefPtr oldsrc = NULL;
+ virDomainChrSourceDefPtr newsrc = NULL;
+
+ if (oldDef)
+ oldsrc = &oldDef->source;
+
+ if (newDef)
+ newsrc = &newDef->source;
+
+ virDomainAuditGenericDev(vm, "chardev",
+ virDomainAuditChardevPath(oldsrc),
+ virDomainAuditChardevPath(newsrc),
+ reason, success);
+}
+
+
+void
 virDomainAuditDisk(virDomainObjPtr vm,
 virStorageSourcePtr oldDef,
 virStorageSourcePtr newDef,
@@ -772,6 +795,18 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
 virDomainAuditRedirdev(vm, redirdev, "start", true);
 }
+ for (i = 0; i < vm->def->nserials; i++)
+ virDomainAuditChardev(vm, NULL, vm->def->serials[i], "start", true);
+
+ for (i = 0; i < vm->def->nparallels; i++)
+ virDomainAuditChardev(vm, NULL, vm->def->parallels[i], "start", true);
+
+ for (i = 0; i < vm->def->nchannels; i++)
+ virDomainAuditChardev(vm, NULL, vm->def->channels[i], "start", true);
+
+ for (i = 0; i < vm->def->nconsoles; i++)
+ virDomainAuditChardev(vm, NULL, vm->def->consoles[i], "start", true);
+
 if (vm->def->rng)
 virDomainAuditRNG(vm, NULL, vm->def->rng, "start", true);
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 58d25a4..3434feb 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
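Review bot: virDomainAuditChardev has no header comment, and its contract (which of the two definitions may be NULL, and that the record is keyed on the chardev's source path) is only visible from the NONNULL attributes in the header hunk. A comment such as `/* Audit a chardev change; oldDef or newDef may be NULL (attach/detach), reason is e.g. "start", "attach", "detach". */` above the definition would carry that into the .c file. The body relies on virDomainAuditChardevPath accepting a NULL source (oldsrc/newsrc stay NULL when the matching def is absent); that helper is outside the hunk, so confirm it checks for NULL rather than dereferencing it. Chardevs whose backend has no path presumably yield NULL from the path helper on both sides, so it is worth checking how virDomainAuditGenericDev renders that case so those devices do not silently drop out of the audit trail.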
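Review bot: The four new loops in virDomainAuditStart audit consoles separately from serials, so a domain whose first console is the compatibility alias of its first serial device (if that aliasing applies here; it is not visible in the hunk) would get two "start" records for the same backing path. If so, either skipping `vm->def->consoles[i]` when it is the same object as `vm->def->serials[0]`, or a comment stating that the duplicate is expected, would keep the audit log unambiguous. The loop index `i` and the rest of virDomainAuditStart are declared outside the hunk.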
@@ -111,4 +111,11 @@ void virDomainAuditRedirdev(virDomainObjPtr vm,
 bool success)
 ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditChardev(virDomainObjPtr vm,
+ virDomainChrDefPtr oldDef,
+ virDomainChrDefPtr newDef,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+
 #endif /* __VIR_DOMAIN_AUDIT_H__ */
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 067dcad..b04b099 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -116,6 +116,7 @@ virDomainPCIAddressValidate;
 virDomainAuditCgroup;
 virDomainAuditCgroupMajor;
 virDomainAuditCgroupPath;
+virDomainAuditChardev;
 virDomainAuditDisk;
 virDomainAuditFS;
 virDomainAuditHostdev;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 8d37813..5451118 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1460,18 +1460,20 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 qemuDomainObjEnterMonitor(driver, vm);
 if (qemuMonitorAttachCharDev(priv->mon, charAlias, &chr->source) < 0) {
 qemuDomainObjExitMonitor(driver, vm);
- goto cleanup;
+ goto audit;
 }
 if (devstr && qemuMonitorAddDevice(priv->mon, devstr) < 0) {
 /* detach associated chardev on error */
 qemuMonitorDetachCharDev(priv->mon, charAlias);
 qemuDomainObjExitMonitor(driver, vm);
- goto cleanup;
+ goto audit;
 }
 qemuDomainObjExitMonitor(driver, vm);
 ret = 0;
+ audit:
+ virDomainAuditChardev(vm, NULL, chr, "attach", ret == 0);
 cleanup:
 if (ret < 0 && need_remove)
 qemuDomainChrRemove(vmdef, chr);
@@ -2751,6 +2753,7 @@ qemuDomainRemoveChrDevice(virQEMUDriverPtr driver,
 char *charAlias = NULL;
 qemuDomainObjPrivatePtr priv = vm->privateData;
 int ret = -1;
+ int rc;
 VIR_DEBUG("Removing character device %s from domain %p %s",
 chr->info.alias, vm, vm->def->name);
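Review bot: The new `audit:` label in qemuDomainAttachChrDevice only covers failures that occur once the monitor has been entered; the earlier exits in the function (alias and device-string setup, the insert into vmdef) still `goto cleanup` and leave no "attach" record, and the start of the function lies outside the hunk. That is consistent with auditing only guest-visible monitor operations, but if the intent is to log every attach attempt, those paths could also `goto audit`, since ret is still -1 there and `virDomainAuditChardev(vm, NULL, chr, "attach", ret == 0)` would record the failure. Either way, a one-line comment at the label, `/* only monitor-level attach outcomes are audited; setup failures are not guest-visible */`, would make the boundary explicit for the next reader.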
@@ -2759,12 +2762,14 @@ qemuDomainRemoveChrDevice(virQEMUDriverPtr driver,
 goto cleanup;
 qemuDomainObjEnterMonitor(driver, vm);
- if (qemuMonitorDetachCharDev(priv->mon, charAlias) < 0) {
- qemuDomainObjExitMonitor(driver, vm);
- goto cleanup;
- }
+ rc = qemuMonitorDetachCharDev(priv->mon, charAlias);
 qemuDomainObjExitMonitor(driver, vm);
+ virDomainAuditChardev(vm, chr, NULL, "detach", rc == 0);
+
+ if (rc < 0)
+ goto cleanup;
+
 event = virDomainEventDeviceRemovedNewFromObj(vm, chr->info.alias);
 if (event)
 qemuDomainEventQueue(driver, event);
--
1.9.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
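Review bot: `rc` is declared without an initializer in the preceding @@ -2751 hunk and is read here only after the assignment from qemuMonitorDetachCharDev, so this is correct as written, but any future early exit routed past that assignment and into the audit call would read an indeterminate value; `int rc = -1;` at the declaration keeps a skipped detach reported as a failure by default. Emitting the record before the `if (rc < 0) goto cleanup;` check is the right order, since a refused detach is as worth logging as a successful one. The removal of chr from the definition and its free presumably happen later in qemuDomainRemoveChrDevice, outside the hunk, so chr->source is still valid when the path helper reads it; confirm that ordering is not changed by a later hunk.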