[libvirt] [PATCH 01/12] conf: audit passthrough input devices at domain startup
Introduce virDomainAuditInput and use it to log the evdev passed
to the guest.
---
src/conf/domain_audit.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
src/conf/domain_audit.h | 5 +++++
2 files changed, 49 insertions(+)
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 4afc22019..723c73736 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -868,6 +868,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool
success)
for (i = 0; i < vm->def->nshmems; i++)
virDomainAuditShmem(vm, vm->def->shmems[i], "start", true);
+ for (i = 0; i < vm->def->ninputs; i++)
+ virDomainAuditInput(vm, vm->def->inputs[i], "start", true);
+
virDomainAuditMemory(vm, 0, virDomainDefGetMemoryTotal(vm->def),
"start", true);
virDomainAuditVcpu(vm, 0, virDomainDefGetVcpus(vm->def), "start",
true);
@@ -983,3 +986,44 @@ virDomainAuditShmem(virDomainObjPtr vm,
VIR_FREE(shmpath);
return;
}
+
+
+void
+virDomainAuditInput(virDomainObjPtr vm,
+ virDomainInputDefPtr input,
+ const char *reason,
+ bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+ const char *virt = virDomainVirtTypeToString(vm->def->virtType);
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+
+ if (!(vmname = virAuditEncode("vm", vm->def->name)))
+ goto no_memory;
+
+ switch ((virDomainInputType) input->type) {
+ case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+ case VIR_DOMAIN_INPUT_TYPE_TABLET:
+ case VIR_DOMAIN_INPUT_TYPE_KBD:
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "virt=%s resrc=evdev reason=%s %s uuid=%s path=%s",
+ virt, reason, vmname, uuidstr, VIR_AUDIT_STR(input->source.evdev));
+ break;
+
+ case VIR_DOMAIN_INPUT_TYPE_LAST:
+ break;
+ }
+
+ cleanup:
+ VIR_FREE(vmname);
+ return;
+
+ no_memory:
+ VIR_WARN("OOM while encoding audit message");
+ goto cleanup;
+}
diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
index 8cb585dc7..474ccb6b8 100644
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@@ -133,6 +133,11 @@ void virDomainAuditShmem(virDomainObjPtr vm,
virDomainShmemDefPtr def,
const char *reason, bool success)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditInput(virDomainObjPtr vm,
+ virDomainInputDefPtr input,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
#endif /* __VIR_DOMAIN_AUDIT_H__ */
--
2.13.0