[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] audit: Audit operations done by using VirtIO RNG

On 03/12/13 12:19, Daniel P. Berrange wrote:
On Mon, Mar 11, 2013 at 05:19:36PM +0100, Peter Krempa wrote:
This patch adds auditing of resources used by the 'random' backend of
virtio RNG.
If there's desire to audit also use of the "egd" backend that uses a
generic character device, a way how to audit this device will need to be
introduced. We don't audit useage of chardevs right now.

  src/conf/domain_audit.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++
  1 file changed, 76 insertions(+)

Can you update the commit message to give an example of the exact
audit message that is generated from this. Also please Cc Steve
Grubb when you re-post this, for sign-off from his position as
audit tools maintainer.


+static void
+virDomainAuditRNG(virDomainObjPtr vm,
+                  virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef,
+                  const char *reason, bool success)
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname;
+    char *oldsrc = NULL;
+    char *newsrc = NULL;
+    const char *virt;
+    virUUIDFormat(vm->def->uuid, uuidstr);
+    if (!(vmname = virAuditEncode("vm", vm->def->name)))
+        goto no_memory;
+    if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
+        VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
+        virt = "?";
+    }
+    if (newDef) {
+        switch (newDef->backend) {
+            if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newDef->source.file))))

Can't newDef->source.file be NULL ? In such a case we need to explicitly
fill in the file that QEMU will default to in the audit record. We can't
leave the filename blank

Ah, yeah.

+                goto no_memory;
+            break;
+            if (!(newsrc = virAuditEncode("new-rng", "?")))

We need to specify the EGD unix socket path we use too, not merely '?'.

This can be set to multiple things as the backend is a chardev from point of view of qemu:

The data can be transported using: TCP, UDP, unix sockets and a ton of other stuff, and we don't have a precedent case for this. Is there a need to represend TCP backends? Or auditing is meant just for local stuff?

+                goto no_memory;
+            break;
+        }
+    } else {
+        if (!(newsrc = virAuditEncode("new-rng", "?")))
+            goto no_memory;
+    }


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]