From e6e90c8d70582014de414a059c85ef75748e40e9 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Mon, 4 Jul 2011 12:00:33 +0100
Subject: [PATCH] Add auditing of filesystems

When passing through filesystems from the host to a guest, the host filesystem passed must be audited

* src/conf/domain_audit.{c,h}: Add virDomainAuditFS
---
 src/conf/domain_audit.c | 46 ++++++++++++++++++++++++++++++++++++++++
 src/conf/domain_audit.h | 6 ++++++
 src/libvirt_private.syms | 1 +
 3 files changed, 53 insertions(+)

diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index b3451629e9..f3bcf34900 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -99,6 +99,47 @@ cleanup:
 }
 
 
+void
+virDomainAuditFS(virDomainObjPtr vm,
+                 virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
+                 const char *reason, bool success)
+{
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname;
+    char *oldsrc = NULL;
+    char *newsrc = NULL;
+
+    virUUIDFormat(vm->def->uuid, uuidstr);
+    if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+        VIR_WARN("OOM while encoding audit message");
+        return;
+    }
+
+    if (!(oldsrc = virAuditEncode("old-fs",
+                                  oldDef && oldDef->src ?
+                                  oldDef->src : "?"))) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }
+    if (!(newsrc = virAuditEncode("new-fs",
+                                  newDef && newDef->src ?
+                                  newDef->src : "?"))) {
+        VIR_WARN("OOM while encoding audit message");
+        goto cleanup;
+    }
+
+    VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+              "resrc=fs reason=%s %s uuid=%s %s %s",
+              reason, vmname, uuidstr,
+              oldsrc, newsrc);
+
+cleanup:
+    VIR_FREE(vmname);
+    VIR_FREE(oldsrc);
+    VIR_FREE(newsrc);
+}
+
+
 void
 virDomainAuditNet(virDomainObjPtr vm,
                   virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
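Review bot: virDomainAuditFS carries no comment, and its contract is not obvious from the body: oldDef and newDef may both be NULL (virDomainAuditStart passes NULL as oldDef), a NULL src is written into the record as `?`, and if any virAuditEncode call fails the whole record is dropped after a VIR_WARN, so the trail is best-effort rather than guaranteed. I would put a short comment above the definition, or on the prototype added in the domain_audit.h hunk of this patch, along the lines of `/* Emit a resrc=fs audit record for a host filesystem assigned to VM. oldDef/newDef may be NULL; a missing src is logged as "?". On encode failure the record is dropped with a warning. */`. Only the src path reaches the record; whether the guest-side target or the filesystem type should be audited as well is something I cannot judge from this hunk.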
@@ -433,6 +474,11 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
         virDomainAuditDisk(vm, NULL, disk, "start", true);
     }
 
+    for (i = 0 ; i < vm->def->nfss ; i++) {
+        virDomainFSDefPtr fs = vm->def->fss[i];
+        virDomainAuditFS(vm, NULL, fs, "start", true);
+    }
+
     for (i = 0 ; i < vm->def->nnets ; i++) {
         virDomainNetDefPtr net = vm->def->nets[i];
         virDomainAuditNet(vm, NULL, net, "start", true);
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 44da344e3d..0e88fd396a 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -40,6 +40,12 @@ void virDomainAuditDisk(virDomainObjPtr vm,
                         const char *reason,
                         bool success)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditFS(virDomainObjPtr vm,
+                      virDomainFSDefPtr oldDef,
+                      virDomainFSDefPtr newDef,
+                      const char *reason,
+                      bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
 void virDomainAuditNet(virDomainObjPtr vm,
                        virDomainNetDefPtr oldDef,
                        virDomainNetDefPtr newDef,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e3627e5280..3237d186fc 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -207,6 +207,7 @@ virDomainAuditCgroup;
 virDomainAuditCgroupMajor;
 virDomainAuditCgroupPath;
 virDomainAuditDisk;
+virDomainAuditFS;
 virDomainAuditHostdev;
 virDomainAuditMemory;
 virDomainAuditNet;
-- 
GitLab
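Review bot: The new fs loop emits every resrc=fs record with success hard-coded to `true` and reason `"start"`, even though virDomainAuditStart itself receives `reason` and `success` (visible in the hunk header), so a reader of the audit log cannot tell from these records whether the start they belong to actually succeeded. This mirrors the disk loop directly above and is presumably deliberate, but the intent deserves one comment above the first per-resource loop, e.g. `/* Per-resource records describe the configuration being started; they do not carry the start outcome. */`. Both the beginning and the end of virDomainAuditStart lie outside this hunk, as does the declaration of `i`.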