---
 docs/auditlog.html.in | 20 ++++++++++++++++++++
 src/conf/domain_audit.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 8528b52..8a007ca 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -301,6 +301,26 @@
 <dd>Updated path of the backing character device for given emulated device</dd>
 </dl>
 
+ <h4><a name="typeresourcesmartcard">smartcard</a></h4>
+ <p>
+ The <code>msg</code> field will include the following sub-fields
+ </p>
+
+ <dl>
+ <dt>reason</dt>
+ <dd>The reason which caused the resource to be assigned to happen</dd>
+ <dt>resrc</dt>
+ <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
+ <dt>old-smartcard</dt>
+ <dd>Original path of the backing character device, certificate store or
+ "nss-smartcard-device" for host smartcard passthrough.
+ </dd>
+ <dt>new-smartcard</dt>
+ <dd>Updated path of the backing character device, certificate store or
+ "nss-smartcard-device" for host smartcard passthrough.
+ </dd>
+ </dl>
+
 <h4><a name="typeresourceredir">Redirected device</a></h4>
 <p>
 The <code>msg</code> field will include the following sub-fields
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 23bb4a7..a3d6c67 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -177,6 +177,51 @@ virDomainAuditChardev(virDomainObjPtr vm,
 }
 
 
+static void
+virDomainAuditSmartcard(virDomainObjPtr vm,
+ virDomainSmartcardDefPtr def,
+ const char *reason,
+ bool success)
+{
+ const char *database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
+ size_t i;
+
+ if (def) {
+ switch ((virDomainSmartcardType) def->type) {
+ case VIR_DOMAIN_SMARTCARD_TYPE_HOST:
+ virDomainAuditGenericDev(vm, "smartcard",
+ NULL, "nss-smartcard-device",
+ reason, success);
+ break;
+
+ case VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES:
+ for (i = 0; i < VIR_DOMAIN_SMARTCARD_NUM_CERTIFICATES; i++) {
+ virDomainAuditGenericDev(vm, "smartcard", NULL,
+ def->data.cert.file[i],
+ reason, success);
+ }
+
+ if (def->data.cert.database)
+ database = def->data.cert.database;
+
+ virDomainAuditGenericDev(vm, "smartcard",
+ NULL, database,
+ reason, success);
+ break;
+
+ case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
+ virDomainAuditGenericDev(vm, "smartcard", NULL,
+ virDomainAuditChardevPath(&def->data.passthru),
+ reason, success);
+ break;
+
+ case VIR_DOMAIN_SMARTCARD_TYPE_LAST:
+ break;
+ }
+ }
+}
+
+
 void
 virDomainAuditDisk(virDomainObjPtr vm,
 virStorageSourcePtr oldDef,
@@ -814,6 +859,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
 virDomainAuditChardev(vm, NULL, vm->def->consoles[i], "start", true);
 }
 
+ for (i = 0; i < vm->def->nsmartcards; i++)
+ virDomainAuditSmartcard(vm, vm->def->smartcards[i], "start", true);
+
 if (vm->def->rng)
 virDomainAuditRNG(vm, NULL, vm->def->rng, "start", true);
 
--
1.9.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
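Review bot: virDomainAuditSmartcard has no header comment, and its `VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES` branch is the one that needs explaining: it calls `virDomainAuditGenericDev(vm, "smartcard", NULL, ...)` once per certificate file and once more for the database. Presumably each call produces its own record, so a single device would show up as several `smartcard` entries that a log reader cannot tell apart as certificate versus database. I would add a comment above the function along the lines of `/* host-certificates mode logs each certificate file and then the database as separate entries; the database falls back to VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE when unset */`. The fallback also duplicates a default that the code building the hypervisor arguments (not visible here) must apply identically, otherwise the audit trail names a store that was not the one used; worth confirming the two agree. The `switch` has no `default`, so an out-of-range `def->type` is silently not audited, which is worth stating in the same comment.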
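Review bot: The added call in virDomainAuditStart passes a literal `true` rather than the function's own `success` argument, so smartcard entries written during a failed start would presumably still be marked as successful assignments. The neighbouring `virDomainAuditChardev` and `virDomainAuditRNG` calls in the context lines do the same, so this looks like the file's convention rather than an oversight. It still deserves a short comment for anyone triaging the audit log, for example `/* resource records always report success; the outcome of the start itself is audited separately */`. Whether the start outcome really is recorded elsewhere lies outside the hunk, as do the beginning and end of virDomainAuditStart, so confirm that before adding the comment.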