Re: [libvirt] [PATCH] audit: add audit information about panic devices
On Mon, Oct 10, 2016 at 08:18:04PM +0800, Chen Hanxiao wrote:
At 2016-10-10 19:24:02, "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
>On Mon, Oct 10, 2016 at 07:19:57PM +0800, Chen Hanxiao wrote:
>> From: Chen Hanxiao <chenhanxiao(a)gmail.com>
>>
>> This patch add audit info for panic notifier devices.
>
>The audit code only emits audit information for cases where QEMU is
>using some resource on the host. The panic device does not have any
>host backend, so there's no reason to audit it.
Thanks for the clarification.
But should we doc it in auditlog.html.in?
Audit is, by definition, meant for auditing what do we allow qemu to
do. So that later you can see what domains had access to what resources
on the system. Doesn't make much sense stating that explicitly there,
but it's easy to get someone confused, so I wouldn't be totally against
adding one sentence to the Introduction, I guess.
Regards,
- Chen
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Attachments:
- signature.asc (application/pgp-signature — 801 bytes)