Add auditing of filesystems

When passing through filesystems from the host to a guest, the host filesystem passed must be audited * src/conf/domain_audit.{c,h}: Add virDomainAuditFS

Add auditing of filesystems
When passing through filesystems from the host to a guest, the host filesystem passed must be audited * src/conf/domain_audit.{c,h}: Add virDomainAuditFS
e6e90c8d · Daniel P. Berrange · b43070eb · e6e90c8d · e6e90c8d · e6e90c8d
隐藏空白更改
内联并排

Showing with 53 addition and 0 deletion

src/conf/domain_audit.c src/conf/domain_audit.c +46 -0

src/conf/domain_audit.h src/conf/domain_audit.h +6 -0

src/libvirt_private.syms src/libvirt_private.syms +1 -0

未找到文件。
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -99,6 +99,47 @@ cleanup:
 }


+void
+virDomainAuditFS(virDomainObjPtr vm,
+                 virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
+                 const char *reason, bool success)
+{
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname;
+    char *oldsrc = NULL;
+    char *newsrc = NULL;
+
+    virUUIDFormat(vm->def->uuid, uuidstr);
+    if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+        VIR_WARN("OOM while encoding audit message");
+        return;
+    }
+
+    if (!(oldsrc = virAuditEncode("old-fs",
+                                  oldDef && oldDef->src ?
+                                  oldDef->src : "?"))) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }
+    if (!(newsrc = virAuditEncode("new-fs",
+                                  newDef && newDef->src ?
+                                  newDef->src : "?"))) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }
+
+    VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+              "resrc=fs reason=%s %s uuid=%s %s %s",
+              reason, vmname, uuidstr,
+              oldsrc, newsrc);
+
+cleanup:
+    VIR_FREE(vmname);
+    VIR_FREE(oldsrc);
+    VIR_FREE(newsrc);
+}
+
+
 void
 virDomainAuditNet(virDomainObjPtr vm,
                  virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
@@ -433,6 +474,11 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
            virDomainAuditDisk(vm, NULL, disk, "start", true);
    }

+    for (i = 0 ; i < vm->def->nfss ; i++) {
+        virDomainFSDefPtr fs = vm->def->fss[i];
+        virDomainAuditFS(vm, NULL, fs, "start", true);
+    }
+
    for (i = 0 ; i < vm->def->nnets ; i++) {
        virDomainNetDefPtr net = vm->def->nets[i];
        virDomainAuditNet(vm, NULL, net, "start", true);

--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -40,6 +40,12 @@ void virDomainAuditDisk(virDomainObjPtr vm,
                        const char *reason,
                        bool success)
    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditFS(virDomainObjPtr vm,
+                      virDomainFSDefPtr oldDef,
+                      virDomainFSDefPtr newDef,
+                      const char *reason,
+                      bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
 void virDomainAuditNet(virDomainObjPtr vm,
                       virDomainNetDefPtr oldDef,
                       virDomainNetDefPtr newDef,

--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -207,6 +207,7 @@ virDomainAuditCgroup;
 virDomainAuditCgroupMajor;
 virDomainAuditCgroupPath;
 virDomainAuditDisk;
+virDomainAuditFS;
 virDomainAuditHostdev;
 virDomainAuditMemory;
 virDomainAuditNet;