[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 1/6] Move qemu_audit.h helpers into shared code



The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}

* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
  src/qemu/qemu_process.c: Update for changed audit API names
---
 src/Makefile.am                                |    2 +-
 src/{qemu/qemu_audit.c => conf/domain_audit.c} |  116 ++++++++++++------------
 src/conf/domain_audit.h                        |   99 ++++++++++++++++++++
 src/libvirt_private.syms                       |   15 +++
 src/qemu/qemu_audit.h                          |   99 --------------------
 src/qemu/qemu_cgroup.c                         |   18 ++--
 src/qemu/qemu_command.c                        |    8 +-
 src/qemu/qemu_driver.c                         |   26 +++---
 src/qemu/qemu_hotplug.c                        |   48 +++++-----
 src/qemu/qemu_migration.c                      |   24 +++---
 src/qemu/qemu_process.c                        |   10 +-
 11 files changed, 240 insertions(+), 225 deletions(-)
 rename src/{qemu/qemu_audit.c => conf/domain_audit.c} (78%)
 create mode 100644 src/conf/domain_audit.h
 delete mode 100644 src/qemu/qemu_audit.h

diff --git a/src/Makefile.am b/src/Makefile.am
index cd8a7e9..7852e0d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -108,6 +108,7 @@ LOCK_DRIVER_SANLOCK_SOURCES = \
 DOMAIN_CONF_SOURCES =						\
 		conf/capabilities.c conf/capabilities.h		\
 		conf/domain_conf.c conf/domain_conf.h		\
+		conf/domain_audit.c conf/domain_audit.h		\
 		conf/domain_nwfilter.c conf/domain_nwfilter.h
 
 DOMAIN_EVENT_SOURCES =						\
@@ -315,7 +316,6 @@ QEMU_DRIVER_SOURCES =						\
 		qemu/qemu_capabilities.c qemu/qemu_capabilities.h\
 		qemu/qemu_command.c qemu/qemu_command.h		\
 		qemu/qemu_domain.c qemu/qemu_domain.h		\
-		qemu/qemu_audit.c qemu/qemu_audit.h		\
 		qemu/qemu_cgroup.c qemu/qemu_cgroup.h		\
 		qemu/qemu_hostdev.c qemu/qemu_hostdev.h		\
 		qemu/qemu_hotplug.c qemu/qemu_hotplug.h		\
diff --git a/src/qemu/qemu_audit.c b/src/conf/domain_audit.c
similarity index 78%
rename from src/qemu/qemu_audit.c
rename to src/conf/domain_audit.c
index 1baef40..d9f4430 100644
--- a/src/qemu/qemu_audit.c
+++ b/src/conf/domain_audit.c
@@ -1,5 +1,5 @@
 /*
- * qemu_audit.c: QEMU audit management
+ * virDomain_audit.c: VIRDOMAIN audit management
  *
  * Copyright (C) 2006-2011 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
@@ -26,7 +26,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#include "qemu_audit.h"
+#include "domain_audit.h"
 #include "virtaudit.h"
 #include "uuid.h"
 #include "logging.h"
@@ -37,7 +37,7 @@
  * for other file types, stat failure, or allocation failure.  */
 #if defined major && defined minor
 static char *
-qemuAuditGetRdev(const char *path)
+virDomainAuditGetRdev(const char *path)
 {
     char *ret = NULL;
     struct stat sb;
@@ -52,16 +52,16 @@ qemuAuditGetRdev(const char *path)
 }
 #else
 static char *
-qemuAuditGetRdev(const char *path ATTRIBUTE_UNUSED)
+virDomainAuditGetRdev(const char *path ATTRIBUTE_UNUSED)
 {
     return NULL;
 }
 #endif
 
 void
-qemuAuditDisk(virDomainObjPtr vm,
-              virDomainDiskDefPtr oldDef, virDomainDiskDefPtr newDef,
-              const char *reason, bool success)
+virDomainAuditDisk(virDomainObjPtr vm,
+                   virDomainDiskDefPtr oldDef, virDomainDiskDefPtr newDef,
+                   const char *reason, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char *vmname;
@@ -100,9 +100,9 @@ cleanup:
 
 
 void
-qemuAuditNet(virDomainObjPtr vm,
-             virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
-             const char *reason, bool success)
+virDomainAuditNet(virDomainObjPtr vm,
+                  virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
+                  const char *reason, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char newMacstr[VIR_MAC_STRING_BUFLEN];
@@ -129,20 +129,20 @@ qemuAuditNet(virDomainObjPtr vm,
 }
 
 /**
- * qemuAuditNetDevice:
+ * virDomainAuditNetDevice:
  * @vm: domain opening a network-related device
  * @def: details of network device that fd will be tied to
  * @device: device being opened (such as /dev/vhost-net,
  * /dev/net/tun, /dev/tanN). Note that merely opening a device
- * does not mean that qemu owns it; a followup qemuAuditNet
+ * does not mean that virDomain owns it; a followup virDomainAuditNet
  * shows whether the fd was passed on.
  * @success: true if the device was opened
  *
  * Log an audit message about an attempted network device open.
  */
 void
-qemuAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
-                   const char *device, bool success)
+virDomainAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
+                        const char *device, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char macstr[VIR_MAC_STRING_BUFLEN];
@@ -152,7 +152,7 @@ qemuAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
 
     virUUIDFormat(vmDef->uuid, uuidstr);
     virFormatMacAddr(netDef->mac, macstr);
-    rdev = qemuAuditGetRdev(device);
+    rdev = virDomainAuditGetRdev(device);
 
     if (!(vmname = virAuditEncode("vm", vmDef->name)) ||
         !(devname = virAuditEncode("path", device))) {
@@ -171,7 +171,7 @@ cleanup:
 }
 
 /**
- * qemuAuditHostdev:
+ * virDomainAuditHostdev:
  * @vm: domain making a change in pass-through host device
  * @hostdev: device being attached or removed
  * @reason: one of "start", "attach", or "detach"
@@ -180,8 +180,8 @@ cleanup:
  * Log an audit message about an attempted device passthrough change.
  */
 void
-qemuAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
-                 const char *reason, bool success)
+virDomainAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
+                      const char *reason, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char *vmname;
@@ -238,21 +238,21 @@ cleanup:
 
 
 /**
- * qemuAuditCgroup:
+ * virDomainAuditCgroup:
  * @vm: domain making the cgroups ACL change
  * @cgroup: cgroup that manages the devices
  * @reason: either "allow" or "deny"
  * @extra: additional details, in the form "all",
  * "major category=xyz maj=nn", or "path path=xyz dev=nn:mm" (the
- * latter two are generated by qemuAuditCgroupMajor and
- * qemuAuditCgroupPath).
+ * latter two are generated by virDomainAuditCgroupMajor and
+ * virDomainAuditCgroupPath).
  * @success: true if the cgroup operation succeeded
  *
  * Log an audit message about an attempted cgroup device ACL change.
  */
 void
-qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
-                const char *reason, const char *extra, bool success)
+virDomainAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
+                     const char *reason, const char *extra, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char *vmname;
@@ -281,7 +281,7 @@ qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
 }
 
 /**
- * qemuAuditCgroupMajor:
+ * virDomainAuditCgroupMajor:
  * @vm: domain making the cgroups ACL change
  * @cgroup: cgroup that manages the devices
  * @reason: either "allow" or "deny"
@@ -293,9 +293,9 @@ qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
  * Log an audit message about an attempted cgroup device ACL change.
  */
 void
-qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup,
-                     const char *reason, int maj, const char *name,
-                     const char *perms, bool success)
+virDomainAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup,
+                          const char *reason, int maj, const char *name,
+                          const char *perms, bool success)
 {
     char *extra;
 
@@ -305,13 +305,13 @@ qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup,
         return;
     }
 
-    qemuAuditCgroup(vm, cgroup, reason, extra, success);
+    virDomainAuditCgroup(vm, cgroup, reason, extra, success);
 
     VIR_FREE(extra);
 }
 
 /**
- * qemuAuditCgroupPath:
+ * virDomainAuditCgroupPath:
  * @vm: domain making the cgroups ACL change
  * @cgroup: cgroup that manages the devices
  * @reason: either "allow" or "deny"
@@ -323,9 +323,9 @@ qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup,
  * a specific device.
  */
 void
-qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
-                    const char *reason, const char *path, const char *perms,
-                    int rc)
+virDomainAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
+                         const char *reason, const char *path, const char *perms,
+                         int rc)
 {
     char *detail;
     char *rdev;
@@ -335,7 +335,7 @@ qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
     if (rc > 0)
         return;
 
-    rdev = qemuAuditGetRdev(path);
+    rdev = virDomainAuditGetRdev(path);
 
     if (!(detail = virAuditEncode("path", path)) ||
         virAsprintf(&extra, "path path=%s rdev=%s acl=%s",
@@ -344,7 +344,7 @@ qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
         goto cleanup;
     }
 
-    qemuAuditCgroup(vm, cgroup, reason, extra, rc == 0);
+    virDomainAuditCgroup(vm, cgroup, reason, extra, rc == 0);
 
 cleanup:
     VIR_FREE(extra);
@@ -353,7 +353,7 @@ cleanup:
 }
 
 /**
- * qemuAuditResource:
+ * virDomainAuditResource:
  * @vm: domain making an integer resource change
  * @resource: name of the resource: "mem" or "vcpu"
  * @oldval: the old value of the resource
@@ -364,9 +364,9 @@ cleanup:
  * Log an audit message about an attempted resource change.
  */
 static void
-qemuAuditResource(virDomainObjPtr vm, const char *resource,
-                  unsigned long long oldval, unsigned long long newval,
-                  const char *reason, bool success)
+virDomainAuditResource(virDomainObjPtr vm, const char *resource,
+                       unsigned long long oldval, unsigned long long newval,
+                       const char *reason, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char *vmname;
@@ -386,24 +386,24 @@ qemuAuditResource(virDomainObjPtr vm, const char *resource,
 }
 
 void
-qemuAuditMemory(virDomainObjPtr vm,
-                unsigned long long oldmem, unsigned long long newmem,
-                const char *reason, bool success)
+virDomainAuditMemory(virDomainObjPtr vm,
+                     unsigned long long oldmem, unsigned long long newmem,
+                     const char *reason, bool success)
 {
-    return qemuAuditResource(vm, "mem", oldmem, newmem, reason, success);
+    return virDomainAuditResource(vm, "mem", oldmem, newmem, reason, success);
 }
 
 void
-qemuAuditVcpu(virDomainObjPtr vm,
-              unsigned int oldvcpu, unsigned int newvcpu,
-              const char *reason, bool success)
+virDomainAuditVcpu(virDomainObjPtr vm,
+                   unsigned int oldvcpu, unsigned int newvcpu,
+                   const char *reason, bool success)
 {
-    return qemuAuditResource(vm, "vcpu", oldvcpu, newvcpu, reason, success);
+    return virDomainAuditResource(vm, "vcpu", oldvcpu, newvcpu, reason, success);
 }
 
 static void
-qemuAuditLifecycle(virDomainObjPtr vm, const char *op,
-                   const char *reason, bool success)
+virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
+                        const char *reason, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char *vmname;
@@ -423,41 +423,41 @@ qemuAuditLifecycle(virDomainObjPtr vm, const char *op,
 
 
 void
-qemuAuditDomainStart(virDomainObjPtr vm, const char *reason, bool success)
+virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
 {
     int i;
 
     for (i = 0 ; i < vm->def->ndisks ; i++) {
         virDomainDiskDefPtr disk = vm->def->disks[i];
         if (disk->src) /* Skips CDROM without media initially inserted */
-            qemuAuditDisk(vm, NULL, disk, "start", true);
+            virDomainAuditDisk(vm, NULL, disk, "start", true);
     }
 
     for (i = 0 ; i < vm->def->nnets ; i++) {
         virDomainNetDefPtr net = vm->def->nets[i];
-        qemuAuditNet(vm, NULL, net, "start", true);
+        virDomainAuditNet(vm, NULL, net, "start", true);
     }
 
     for (i = 0 ; i < vm->def->nhostdevs ; i++) {
         virDomainHostdevDefPtr hostdev = vm->def->hostdevs[i];
-        qemuAuditHostdev(vm, hostdev, "start", true);
+        virDomainAuditHostdev(vm, hostdev, "start", true);
     }
 
-    qemuAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true);
-    qemuAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
+    virDomainAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true);
+    virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
 
-    qemuAuditLifecycle(vm, "start", reason, success);
+    virDomainAuditLifecycle(vm, "start", reason, success);
 }
 
 
 void
-qemuAuditDomainStop(virDomainObjPtr vm, const char *reason)
+virDomainAuditStop(virDomainObjPtr vm, const char *reason)
 {
-    qemuAuditLifecycle(vm, "stop", reason, true);
+    virDomainAuditLifecycle(vm, "stop", reason, true);
 }
 
 void
-qemuAuditSecurityLabel(virDomainObjPtr vm, bool success)
+virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
 {
     char uuidstr[VIR_UUID_STRING_BUFLEN];
     char *vmname;
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
new file mode 100644
index 0000000..dee6e83
--- /dev/null
+++ b/src/conf/domain_audit.h
@@ -0,0 +1,99 @@
+/*
+ * virDomain_audit.h: VIRDOMAIN audit management
+ *
+ * Copyright (C) 2006-2011 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ *
+ * Author: Daniel P. Berrange <berrange redhat com>
+ */
+
+#ifndef __VIRDOMAIN_AUDIT_H__
+# define __VIRDOMAIN_AUDIT_H__
+
+# include "domain_conf.h"
+# include "cgroup.h"
+
+void virDomainAuditStart(virDomainObjPtr vm,
+                         const char *reason,
+                               bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+void virDomainAuditStop(virDomainObjPtr vm,
+                        const char *reason)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+void virDomainAuditDisk(virDomainObjPtr vm,
+                        virDomainDiskDefPtr oldDef,
+                        virDomainDiskDefPtr newDef,
+                        const char *reason,
+                        bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditNet(virDomainObjPtr vm,
+                       virDomainNetDefPtr oldDef,
+                       virDomainNetDefPtr newDef,
+                       const char *reason,
+                       bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditNetDevice(virDomainDefPtr vmDef,
+                             virDomainNetDefPtr netDef,
+                             const char *device,
+                             bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditHostdev(virDomainObjPtr vm,
+                           virDomainHostdevDefPtr def,
+                           const char *reason,
+                           bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditCgroup(virDomainObjPtr vm,
+                          virCgroupPtr group,
+                          const char *reason,
+                          const char *extra,
+                          bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+    ATTRIBUTE_NONNULL(4);
+void virDomainAuditCgroupMajor(virDomainObjPtr vm,
+                               virCgroupPtr group,
+                               const char *reason,
+                               int maj,
+                               const char *name,
+                               const char *perms,
+                               bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+    ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6);
+void virDomainAuditCgroupPath(virDomainObjPtr vm,
+                              virCgroupPtr group,
+                              const char *reason,
+                              const char *path,
+                              const char *perms,
+                         int rc)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+    ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
+void virDomainAuditMemory(virDomainObjPtr vm,
+                          unsigned long long oldmem,
+                          unsigned long long newmem,
+                          const char *reason,
+                     bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditVcpu(virDomainObjPtr vm,
+                        unsigned int oldvcpu,
+                        unsigned int newvcpu,
+                        const char *reason,
+                        bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditSecurityLabel(virDomainObjPtr vm,
+                                 bool success)
+    ATTRIBUTE_NONNULL(1);
+
+#endif /* __VIRDOMAIN_AUDIT_H__ */
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 626ac6c..18c0af8 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -202,6 +202,21 @@ dnsmasqReload;
 dnsmasqSave;
 
 
+# domain_audit.h
+virDomainAuditCgroup;
+virDomainAuditCgroupMajor;
+virDomainAuditCgroupPath;
+virDomainAuditDisk;
+virDomainAuditHostdev;
+virDomainAuditMemory;
+virDomainAuditNet;
+virDomainAuditNetDevice;
+virDomainAuditSecurityLabel;
+virDomainAuditStart;
+virDomainAuditStop;
+virDomainAuditVcpu;
+
+
 # domain_conf.h
 virDiskNameToBusDeviceIndex;
 virDiskNameToIndex;
diff --git a/src/qemu/qemu_audit.h b/src/qemu/qemu_audit.h
deleted file mode 100644
index 14c7da5..0000000
--- a/src/qemu/qemu_audit.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * qemu_audit.h: QEMU audit management
- *
- * Copyright (C) 2006-2011 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
- *
- * Author: Daniel P. Berrange <berrange redhat com>
- */
-
-#ifndef __QEMU_AUDIT_H__
-# define __QEMU_AUDIT_H__
-
-# include "domain_conf.h"
-# include "cgroup.h"
-
-void qemuAuditDomainStart(virDomainObjPtr vm,
-                          const char *reason,
-                          bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
-void qemuAuditDomainStop(virDomainObjPtr vm,
-                         const char *reason)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
-void qemuAuditDisk(virDomainObjPtr vm,
-                   virDomainDiskDefPtr oldDef,
-                   virDomainDiskDefPtr newDef,
-                   const char *reason,
-                   bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditNet(virDomainObjPtr vm,
-                  virDomainNetDefPtr oldDef,
-                  virDomainNetDefPtr newDef,
-                  const char *reason,
-                  bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditNetDevice(virDomainDefPtr vmDef,
-                        virDomainNetDefPtr netDef,
-                        const char *device,
-                        bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
-void qemuAuditHostdev(virDomainObjPtr vm,
-                      virDomainHostdevDefPtr def,
-                      const char *reason,
-                      bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
-void qemuAuditCgroup(virDomainObjPtr vm,
-                     virCgroupPtr group,
-                     const char *reason,
-                     const char *extra,
-                     bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
-    ATTRIBUTE_NONNULL(4);
-void qemuAuditCgroupMajor(virDomainObjPtr vm,
-                          virCgroupPtr group,
-                          const char *reason,
-                          int maj,
-                          const char *name,
-                          const char *perms,
-                          bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
-    ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6);
-void qemuAuditCgroupPath(virDomainObjPtr vm,
-                         virCgroupPtr group,
-                         const char *reason,
-                         const char *path,
-                         const char *perms,
-                         int rc)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
-    ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
-void qemuAuditMemory(virDomainObjPtr vm,
-                     unsigned long long oldmem,
-                     unsigned long long newmem,
-                     const char *reason,
-                     bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditVcpu(virDomainObjPtr vm,
-                   unsigned int oldvcpu,
-                   unsigned int newvcpu,
-                   const char *reason,
-                   bool success)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditSecurityLabel(virDomainObjPtr vm,
-                            bool success)
-    ATTRIBUTE_NONNULL(1);
-
-#endif /* __QEMU_AUDIT_H__ */
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 1298924..fe9d6f3 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -29,7 +29,7 @@
 #include "memory.h"
 #include "virterror_internal.h"
 #include "util.h"
-#include "qemu_audit.h"
+#include "domain_audit.h"
 
 #define VIR_FROM_THIS VIR_FROM_QEMU
 
@@ -70,7 +70,7 @@ qemuSetupDiskPathAllow(virDomainDiskDefPtr disk,
     rc = virCgroupAllowDevicePath(data->cgroup, path,
                                   (disk->readonly ? VIR_CGROUP_DEVICE_READ
                                    : VIR_CGROUP_DEVICE_RW));
-    qemuAuditCgroupPath(data->vm, data->cgroup, "allow", path,
+    virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path,
                         disk->readonly ? "r" : "rw", rc);
     if (rc < 0) {
         if (rc == -EACCES) { /* Get this for root squash NFS */
@@ -112,7 +112,7 @@ qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
     VIR_DEBUG("Process path %s for disk", path);
     rc = virCgroupDenyDevicePath(data->cgroup, path,
                                  VIR_CGROUP_DEVICE_RWM);
-    qemuAuditCgroupPath(data->vm, data->cgroup, "deny", path, "rwm", rc);
+    virDomainAuditCgroupPath(data->vm, data->cgroup, "deny", path, "rwm", rc);
     if (rc < 0) {
         if (rc == -EACCES) { /* Get this for root squash NFS */
             VIR_DEBUG("Ignoring EACCES for %s", path);
@@ -156,7 +156,7 @@ qemuSetupChardevCgroup(virDomainDefPtr def,
     VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path);
     rc = virCgroupAllowDevicePath(data->cgroup, dev->source.data.file.path,
                                   VIR_CGROUP_DEVICE_RW);
-    qemuAuditCgroupPath(data->vm, data->cgroup, "allow",
+    virDomainAuditCgroupPath(data->vm, data->cgroup, "allow",
                         dev->source.data.file.path, "rw", rc);
     if (rc < 0) {
         virReportSystemError(-rc,
@@ -179,7 +179,7 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED,
     VIR_DEBUG("Process path '%s' for USB device", path);
     rc = virCgroupAllowDevicePath(data->cgroup, path,
                                   VIR_CGROUP_DEVICE_RW);
-    qemuAuditCgroupPath(data->vm, data->cgroup, "allow", path, "rw", rc);
+    virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path, "rw", rc);
     if (rc < 0) {
         virReportSystemError(-rc,
                              _("Unable to allow device %s"),
@@ -215,7 +215,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
     if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) {
         qemuCgroupData data = { vm, cgroup };
         rc = virCgroupDenyAllDevices(cgroup);
-        qemuAuditCgroup(vm, cgroup, "deny", "all", rc == 0);
+        virDomainAuditCgroup(vm, cgroup, "deny", "all", rc == 0);
         if (rc != 0) {
             if (rc == -EPERM) {
                 VIR_WARN("Group devices ACL is not accessible, disabling whitelisting");
@@ -234,7 +234,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
 
         rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR,
                                        VIR_CGROUP_DEVICE_RW);
-        qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR,
+        virDomainAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR,
                              "pty", "rw", rc == 0);
         if (rc != 0) {
             virReportSystemError(-rc, "%s",
@@ -249,7 +249,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
               (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) {
             rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR,
                                            VIR_CGROUP_DEVICE_RW);
-            qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_SND_MAJOR,
+            virDomainAuditCgroupMajor(vm, cgroup, "allow", DEVICE_SND_MAJOR,
                                  "sound", "rw", rc == 0);
             if (rc != 0) {
                 virReportSystemError(-rc, "%s",
@@ -261,7 +261,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
         for (i = 0; deviceACL[i] != NULL ; i++) {
             rc = virCgroupAllowDevicePath(cgroup, deviceACL[i],
                                           VIR_CGROUP_DEVICE_RW);
-            qemuAuditCgroupPath(vm, cgroup, "allow", deviceACL[i], "rw", rc);
+            virDomainAuditCgroupPath(vm, cgroup, "allow", deviceACL[i], "rw", rc);
             if (rc < 0 &&
                 rc != -ENOENT) {
                 virReportSystemError(-rc,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6e4480e..1894f32 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -35,7 +35,7 @@
 #include "uuid.h"
 #include "c-ctype.h"
 #include "domain_nwfilter.h"
-#include "qemu_audit.h"
+#include "domain_audit.h"
 #include "domain_conf.h"
 
 #include <sys/utsname.h>
@@ -130,7 +130,7 @@ qemuPhysIfaceConnect(virDomainDefPtr def,
                         &net->data.direct.virtPortProfile, &res_ifname,
                         vmop, driver->stateDir);
     if (rc >= 0) {
-        qemuAuditNetDevice(def, net, res_ifname, true);
+        virDomainAuditNetDevice(def, net, res_ifname, true);
         VIR_FREE(net->ifname);
         net->ifname = res_ifname;
     }
@@ -255,7 +255,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
     tapmac[0] = 0xFE; /* Discourage bridge from using TAP dev MAC */
     err = brAddTap(driver->brctl, brname, &net->ifname, tapmac,
                    vnet_hdr, true, &tapfd);
-    qemuAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0);
+    virDomainAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0);
     if (err) {
         if (err == ENOTSUP) {
             /* In this particular case, give a better diagnostic. */
@@ -346,7 +346,7 @@ qemuOpenVhostNet(virDomainDefPtr def,
     }
 
     *vhostfd = open("/dev/vhost-net", O_RDWR);
-    qemuAuditNetDevice(def, net, "/dev/vhost-net", *vhostfd >= 0);
+    virDomainAuditNetDevice(def, net, "/dev/vhost-net", *vhostfd >= 0);
 
     /* If the config says explicitly to use vhost and we couldn't open it,
      * report an error.
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 363a361..ea32e59 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -55,7 +55,6 @@
 #include "qemu_hotplug.h"
 #include "qemu_monitor.h"
 #include "qemu_bridge_filter.h"
-#include "qemu_audit.h"
 #include "qemu_process.h"
 #include "qemu_migration.h"
 
@@ -70,6 +69,7 @@
 #include "memory.h"
 #include "uuid.h"
 #include "domain_conf.h"
+#include "domain_audit.h"
 #include "node_device_conf.h"
 #include "pci.h"
 #include "hostusb.h"
@@ -1281,7 +1281,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
                          (flags & VIR_DOMAIN_START_PAUSED) != 0,
                          (flags & VIR_DOMAIN_START_AUTODESTROY) != 0,
                          -1, NULL, VIR_VM_OP_CREATE) < 0) {
-        qemuAuditDomainStart(vm, "booted", false);
+        virDomainAuditStart(vm, "booted", false);
         if (qemuDomainObjEndJob(vm) > 0)
             virDomainRemoveInactive(&driver->domains,
                                     vm);
@@ -1292,7 +1292,7 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STARTED,
                                      VIR_DOMAIN_EVENT_STARTED_BOOTED);
-    qemuAuditDomainStart(vm, "booted", true);
+    virDomainAuditStart(vm, "booted", true);
 
     dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
     if (dom) dom->id = vm->def->id;
@@ -1584,7 +1584,7 @@ static int qemudDomainDestroy(virDomainPtr dom) {
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STOPPED,
                                      VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
-    qemuAuditDomainStop(vm, "destroyed");
+    virDomainAuditStop(vm, "destroyed");
 
     if (!vm->persistent) {
         if (qemuDomainObjEndJob(vm) > 0)
@@ -1752,7 +1752,7 @@ static int qemudDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem,
             qemuDomainObjEnterMonitor(vm);
             r = qemuMonitorSetBalloon(priv->mon, newmem);
             qemuDomainObjExitMonitor(vm);
-            qemuAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update",
+            virDomainAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update",
                             r == 1);
             if (r < 0)
                 goto endjob;
@@ -2289,7 +2289,7 @@ static int qemudDomainSaveFlag(struct qemud_driver *driver, virDomainPtr dom,
 
     /* Shut it down */
     qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_SAVED);
-    qemuAuditDomainStop(vm, "saved");
+    virDomainAuditStop(vm, "saved");
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STOPPED,
                                      VIR_DOMAIN_EVENT_STOPPED_SAVED);
@@ -2646,7 +2646,7 @@ static int qemudDomainCoreDump(virDomainPtr dom,
 endjob:
     if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
         qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_CRASHED);
-        qemuAuditDomainStop(vm, "crashed");
+        virDomainAuditStop(vm, "crashed");
         event = virDomainEventNewFromObj(vm,
                                          VIR_DOMAIN_EVENT_STOPPED,
                                          VIR_DOMAIN_EVENT_STOPPED_CRASHED);
@@ -2882,7 +2882,7 @@ static int qemudDomainHotplugVcpus(virDomainObjPtr vm, unsigned int nvcpus)
 cleanup:
     qemuDomainObjExitMonitor(vm);
     vm->def->vcpus = vcpus;
-    qemuAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1);
+    virDomainAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1);
     return ret;
 
 unsupported:
@@ -3689,14 +3689,14 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
     }
 
     if (ret < 0) {
-        qemuAuditDomainStart(vm, "restored", false);
+        virDomainAuditStart(vm, "restored", false);
         goto out;
     }
 
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STARTED,
                                      VIR_DOMAIN_EVENT_STARTED_RESTORED);
-    qemuAuditDomainStart(vm, "restored", true);
+    virDomainAuditStart(vm, "restored", true);
     if (event)
         qemuDomainEventQueue(driver, event);
 
@@ -4038,7 +4038,7 @@ static int qemudDomainObjStart(virConnectPtr conn,
 
     ret = qemuProcessStart(conn, driver, vm, NULL, start_paused,
                            autodestroy, -1, NULL, VIR_VM_OP_CREATE);
-    qemuAuditDomainStart(vm, "booted", ret >= 0);
+    virDomainAuditStart(vm, "booted", ret >= 0);
     if (ret >= 0) {
         virDomainEventPtr event =
             virDomainEventNewFromObj(vm,
@@ -8002,7 +8002,7 @@ static int qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 
             rc = qemuProcessStart(snapshot->domain->conn, driver, vm, NULL,
                                   false, false, -1, NULL, VIR_VM_OP_CREATE);
-            qemuAuditDomainStart(vm, "from-snapshot", rc >= 0);
+            virDomainAuditStart(vm, "from-snapshot", rc >= 0);
             if (qemuDomainSnapshotSetCurrentInactive(vm, driver->snapshotDir) < 0)
                 goto endjob;
             if (rc < 0)
@@ -8039,7 +8039,7 @@ static int qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 
         if (virDomainObjIsActive(vm)) {
             qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_FROM_SNAPSHOT);
-            qemuAuditDomainStop(vm, "from-snapshot");
+            virDomainAuditStop(vm, "from-snapshot");
             event = virDomainEventNewFromObj(vm,
                                              VIR_DOMAIN_EVENT_STOPPED,
                                              VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT);
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index a7f11ab..ca67410 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -29,8 +29,8 @@
 #include "qemu_domain.h"
 #include "qemu_command.h"
 #include "qemu_bridge_filter.h"
-#include "qemu_audit.h"
 #include "qemu_hostdev.h"
+#include "domain_audit.h"
 #include "domain_nwfilter.h"
 #include "logging.h"
 #include "virterror_internal.h"
@@ -113,7 +113,7 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver,
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditDisk(vm, origdisk, disk, "update", ret >= 0);
+    virDomainAuditDisk(vm, origdisk, disk, "update", ret >= 0);
 
     if (ret < 0)
         goto error;
@@ -223,7 +223,7 @@ int qemuDomainAttachPciDiskDevice(struct qemud_driver *driver,
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0);
+    virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0);
 
     if (ret < 0)
         goto error;
@@ -467,7 +467,7 @@ int qemuDomainAttachSCSIDisk(struct qemud_driver *driver,
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0);
+    virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0);
 
     if (ret < 0)
         goto error;
@@ -559,7 +559,7 @@ int qemuDomainAttachUsbMassstorageDevice(struct qemud_driver *driver,
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0);
+    virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0);
 
     if (ret < 0)
         goto error;
@@ -681,14 +681,14 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
         if (qemuMonitorAddNetdev(priv->mon, netstr, tapfd, tapfd_name,
                                  vhostfd, vhostfd_name) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, NULL, net, "attach", false);
+            virDomainAuditNet(vm, NULL, net, "attach", false);
             goto cleanup;
         }
     } else {
         if (qemuMonitorAddHostNetwork(priv->mon, netstr, tapfd, tapfd_name,
                                       vhostfd, vhostfd_name) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, NULL, net, "attach", false);
+            virDomainAuditNet(vm, NULL, net, "attach", false);
             goto cleanup;
         }
     }
@@ -715,14 +715,14 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
     if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
         if (qemuMonitorAddDevice(priv->mon, nicstr) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, NULL, net, "attach", false);
+            virDomainAuditNet(vm, NULL, net, "attach", false);
             goto try_remove;
         }
     } else {
         if (qemuMonitorAddPCINetwork(priv->mon, nicstr,
                                      &guestAddr) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, NULL, net, "attach", false);
+            virDomainAuditNet(vm, NULL, net, "attach", false);
             goto try_remove;
         }
         net->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI;
@@ -730,7 +730,7 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditNet(vm, NULL, net, "attach", true);
+    virDomainAuditNet(vm, NULL, net, "attach", true);
 
     ret = 0;
 
@@ -857,7 +857,7 @@ int qemuDomainAttachHostPciDevice(struct qemud_driver *driver,
         hostdev->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI;
         memcpy(&hostdev->info.addr.pci, &guestAddr, sizeof(guestAddr));
     }
-    qemuAuditHostdev(vm, hostdev, "attach", ret == 0);
+    virDomainAuditHostdev(vm, hostdev, "attach", ret == 0);
     if (ret < 0)
         goto error;
 
@@ -937,7 +937,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver,
                                            hostdev->source.subsys.u.usb.bus,
                                            hostdev->source.subsys.u.usb.device);
     qemuDomainObjExitMonitorWithDriver(driver, vm);
-    qemuAuditHostdev(vm, hostdev, "attach", ret == 0);
+    virDomainAuditHostdev(vm, hostdev, "attach", ret == 0);
     if (ret < 0)
         goto error;
 
@@ -1241,14 +1241,14 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver,
     if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
         if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
             qemuDomainObjExitMonitor(vm);
-            qemuAuditDisk(vm, detach, NULL, "detach", false);
+            virDomainAuditDisk(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
     } else {
         if (qemuMonitorRemovePCIDevice(priv->mon,
                                        &detach->info.addr.pci) < 0) {
             qemuDomainObjExitMonitor(vm);
-            qemuAuditDisk(vm, detach, NULL, "detach", false);
+            virDomainAuditDisk(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
     }
@@ -1258,7 +1258,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver,
 
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditDisk(vm, detach, NULL, "detach", true);
+    virDomainAuditDisk(vm, detach, NULL, "detach", true);
 
     if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) &&
         qemuDomainPCIAddressReleaseSlot(priv->pciaddrs,
@@ -1336,7 +1336,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver,
     qemuDomainObjEnterMonitorWithDriver(driver, vm);
     if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
         qemuDomainObjExitMonitor(vm);
-        qemuAuditDisk(vm, detach, NULL, "detach", false);
+        virDomainAuditDisk(vm, detach, NULL, "detach", false);
         goto cleanup;
     }
 
@@ -1345,7 +1345,7 @@ int qemuDomainDetachDiskDevice(struct qemud_driver *driver,
 
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditDisk(vm, detach, NULL, "detach", true);
+    virDomainAuditDisk(vm, detach, NULL, "detach", true);
 
     virDomainDiskRemove(vm->def, i);
 
@@ -1570,14 +1570,14 @@ int qemuDomainDetachNetDevice(struct qemud_driver *driver,
     if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
         if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
             qemuDomainObjExitMonitor(vm);
-            qemuAuditNet(vm, detach, NULL, "detach", false);
+            virDomainAuditNet(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
     } else {
         if (qemuMonitorRemovePCIDevice(priv->mon,
                                        &detach->info.addr.pci) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, detach, NULL, "detach", false);
+            virDomainAuditNet(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
     }
@@ -1586,19 +1586,19 @@ int qemuDomainDetachNetDevice(struct qemud_driver *driver,
         qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
         if (qemuMonitorRemoveNetdev(priv->mon, hostnet_name) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, detach, NULL, "detach", false);
+            virDomainAuditNet(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
     } else {
         if (qemuMonitorRemoveHostNetwork(priv->mon, vlan, hostnet_name) < 0) {
             qemuDomainObjExitMonitorWithDriver(driver, vm);
-            qemuAuditNet(vm, detach, NULL, "detach", false);
+            virDomainAuditNet(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
 
-    qemuAuditNet(vm, detach, NULL, "detach", true);
+    virDomainAuditNet(vm, detach, NULL, "detach", true);
 
     if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) &&
         qemuDomainPCIAddressReleaseSlot(priv->pciaddrs,
@@ -1708,7 +1708,7 @@ int qemuDomainDetachHostPciDevice(struct qemud_driver *driver,
         ret = qemuMonitorRemovePCIDevice(priv->mon, &detach->info.addr.pci);
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
-    qemuAuditHostdev(vm, detach, "detach", ret == 0);
+    virDomainAuditHostdev(vm, detach, "detach", ret == 0);
     if (ret < 0)
         return -1;
 
@@ -1807,7 +1807,7 @@ int qemuDomainDetachHostUsbDevice(struct qemud_driver *driver,
     qemuDomainObjEnterMonitorWithDriver(driver, vm);
     ret = qemuMonitorDelDevice(priv->mon, detach->info.alias);
     qemuDomainObjExitMonitorWithDriver(driver, vm);
-    qemuAuditHostdev(vm, detach, "detach", ret == 0);
+    virDomainAuditHostdev(vm, detach, "detach", ret == 0);
     if (ret < 0)
         return -1;
 
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index d7b27a0..f909298 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -30,9 +30,9 @@
 #include "qemu_domain.h"
 #include "qemu_process.h"
 #include "qemu_capabilities.h"
-#include "qemu_audit.h"
 #include "qemu_cgroup.h"
 
+#include "domain_audit.h"
 #include "logging.h"
 #include "virterror_internal.h"
 #include "memory.h"
@@ -1129,7 +1129,7 @@ qemuMigrationPrepareTunnel(struct qemud_driver *driver,
                                    true, dataFD[0], NULL,
                                    VIR_VM_OP_MIGRATE_IN_START);
     if (internalret < 0) {
-        qemuAuditDomainStart(vm, "migrated", false);
+        virDomainAuditStart(vm, "migrated", false);
         /* Note that we don't set an error here because qemuProcessStart
          * should have already done that.
          */
@@ -1141,7 +1141,7 @@ qemuMigrationPrepareTunnel(struct qemud_driver *driver,
     }
 
     if (virFDStreamOpen(st, dataFD[1]) < 0) {
-        qemuAuditDomainStart(vm, "migrated", false);
+        virDomainAuditStart(vm, "migrated", false);
         qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_FAILED);
         if (!vm->persistent) {
             if (qemuDomainObjEndJob(vm) > 0)
@@ -1154,7 +1154,7 @@ qemuMigrationPrepareTunnel(struct qemud_driver *driver,
     }
     dataFD[1] = -1; /* 'st' owns the FD now & will close it */
 
-    qemuAuditDomainStart(vm, "migrated", true);
+    virDomainAuditStart(vm, "migrated", true);
 
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STARTED,
@@ -1356,7 +1356,7 @@ qemuMigrationPrepareDirect(struct qemud_driver *driver,
     snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port);
     if (qemuProcessStart(dconn, driver, vm, migrateFrom, true, true,
                          -1, NULL, VIR_VM_OP_MIGRATE_IN_START) < 0) {
-        qemuAuditDomainStart(vm, "migrated", false);
+        virDomainAuditStart(vm, "migrated", false);
         /* Note that we don't set an error here because qemuProcessStart
          * should have already done that.
          */
@@ -1386,7 +1386,7 @@ qemuMigrationPrepareDirect(struct qemud_driver *driver,
         VIR_WARN("Unable to encode migration cookie");
     }
 
-    qemuAuditDomainStart(vm, "migrated", true);
+    virDomainAuditStart(vm, "migrated", true);
     event = virDomainEventNewFromObj(vm,
                                      VIR_DOMAIN_EVENT_STARTED,
                                      VIR_DOMAIN_EVENT_STARTED_MIGRATED);
@@ -2337,7 +2337,7 @@ int qemuMigrationPerform(struct qemud_driver *driver,
         resume = 0;
     } else {
         qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_MIGRATED);
-        qemuAuditDomainStop(vm, "migrated");
+        virDomainAuditStop(vm, "migrated");
         resume = 0;
 
         event = virDomainEventNewFromObj(vm,
@@ -2531,7 +2531,7 @@ qemuMigrationFinish(struct qemud_driver *driver,
                  */
                 if (v3proto) {
                     qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED);
-                    qemuAuditDomainStop(vm, "failed");
+                    virDomainAuditStop(vm, "failed");
                     event = virDomainEventNewFromObj(vm,
                                                      VIR_DOMAIN_EVENT_STOPPED,
                                                      VIR_DOMAIN_EVENT_STOPPED_FAILED);
@@ -2567,7 +2567,7 @@ qemuMigrationFinish(struct qemud_driver *driver,
         qemuProcessAutoDestroyRemove(driver, vm);
     } else {
         qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED);
-        qemuAuditDomainStop(vm, "failed");
+        virDomainAuditStop(vm, "failed");
         event = virDomainEventNewFromObj(vm,
                                          VIR_DOMAIN_EVENT_STOPPED,
                                          VIR_DOMAIN_EVENT_STOPPED_FAILED);
@@ -2630,7 +2630,7 @@ int qemuMigrationConfirm(struct qemud_driver *driver,
      */
     if (retcode == 0) {
         qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_MIGRATED);
-        qemuAuditDomainStop(vm, "migrated");
+        virDomainAuditStop(vm, "migrated");
 
         event = virDomainEventNewFromObj(vm,
                                          VIR_DOMAIN_EVENT_STOPPED,
@@ -2710,7 +2710,7 @@ qemuMigrationToFile(struct qemud_driver *driver, virDomainObjPtr vm,
             }
             rc = virCgroupAllowDevicePath(cgroup, path,
                                           VIR_CGROUP_DEVICE_RW);
-            qemuAuditCgroupPath(vm, cgroup, "allow", path, "rw", rc);
+            virDomainAuditCgroupPath(vm, cgroup, "allow", path, "rw", rc);
             if (rc < 0) {
                 virReportSystemError(-rc,
                                      _("Unable to allow device %s for %s"),
@@ -2799,7 +2799,7 @@ cleanup:
     if (cgroup != NULL) {
         rc = virCgroupDenyDevicePath(cgroup, path,
                                      VIR_CGROUP_DEVICE_RWM);
-        qemuAuditCgroupPath(vm, cgroup, "deny", path, "rwm", rc);
+        virDomainAuditCgroupPath(vm, cgroup, "deny", path, "rwm", rc);
         if (rc < 0)
             VIR_WARN("Unable to deny device %s for %s %d",
                      path, vm->def->name, rc);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f2c439b..81282d0 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -34,7 +34,6 @@
 #include "qemu_capabilities.h"
 #include "qemu_monitor.h"
 #include "qemu_command.h"
-#include "qemu_audit.h"
 #include "qemu_hostdev.h"
 #include "qemu_hotplug.h"
 #include "qemu_bridge_filter.h"
@@ -54,6 +53,7 @@
 #include "c-ctype.h"
 #include "nodeinfo.h"
 #include "processinfo.h"
+#include "domain_audit.h"
 #include "domain_nwfilter.h"
 #include "locking/domain_lock.h"
 #include "uuid.h"
@@ -141,7 +141,7 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
                                      VIR_DOMAIN_EVENT_STOPPED,
                                      eventReason);
     qemuProcessStop(driver, vm, 0, stopReason);
-    qemuAuditDomainStop(vm, auditReason);
+    virDomainAuditStop(vm, auditReason);
 
     if (!vm->persistent)
         virDomainRemoveInactive(&driver->domains, vm);
@@ -2402,10 +2402,10 @@ int qemuProcessStart(virConnectPtr conn,
        then generate a security label for isolation */
     VIR_DEBUG("Generating domain security label (if required)");
     if (virSecurityManagerGenLabel(driver->securityManager, vm) < 0) {
-        qemuAuditSecurityLabel(vm, false);
+        virDomainAuditSecurityLabel(vm, false);
         goto cleanup;
     }
-    qemuAuditSecurityLabel(vm, true);
+    virDomainAuditSecurityLabel(vm, true);
 
     /* Ensure no historical cgroup for this VM is lying around bogus
      * settings */
@@ -3025,7 +3025,7 @@ static void qemuProcessAutoDestroyDom(void *payload,
 
     VIR_DEBUG("Killing domain");
     qemuProcessStop(data->driver, dom, 1, VIR_DOMAIN_SHUTOFF_DESTROYED);
-    qemuAuditDomainStop(dom, "destroyed");
+    virDomainAuditStop(dom, "destroyed");
     event = virDomainEventNewFromObj(dom,
                                      VIR_DOMAIN_EVENT_STOPPED,
                                      VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
-- 
1.7.4.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]