Re: [libvirt] [PATCHv2 4/8] audit: audit use of /dev/vhost-net

Passing the vhost net device fd to qemu is worth an audit point, since it is a kernel-managed device. This patch points out that qemu still can't hot-plug and hot-unplug vhost-net interfaces. * src/qemu/qemu_audit.h (qemuAuditNetVhost): New prototype. * src/qemu/qemu_audit.c (qemuAuditNetVhost): New function. * src/qemu/qemu_command.c (qemuOpenVhostNet): Add audit point and new parameter. (qemuBuildCommandLine): Adjust caller. --- v2: new patch; still missing an audit point for where /dev/net/tun is opened, and the name should probably be qemuAuditNetDevice (since it is feasible to open just /dev/net/tun and not /dev/vhost-net when the xml asks for that). Perhaps should be shuffled to live after patch 8/8.

+void +qemuAuditNetVhost(virDomainDefPtr vmDef, + virDomainNetDefPtr netDef, const char *device, + const char *reason, bool success) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + char macstr[VIR_MAC_STRING_BUFLEN]; + char *vmname; + char *devname; + char *rdev; + + virUUIDFormat(vmDef->uuid, uuidstr); + virFormatMacAddr(netDef->mac, macstr); + if (!(vmname = virAuditEncode("vm", vmDef->name)) || + !(devname = virAuditEncode("path", device)) || + !(rdev = qemuAuditGetRdev(device))) { + VIR_WARN0("OOM while encoding audit message"); + goto cleanup; + } + + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, + "resrc=net reason=%s %s uuid=%s net='%s' %s %s", + reason, vmname, uuidstr, + macstr, devname, rdev);