Re: [libvirt] [PATCHv3] audit: Audit resources used by VirtIO RNG
On Wed, Mar 13, 2013 at 10:46:24AM +0100, Peter Krempa wrote:
This patch adds auditing of resources used by Virtio RNG devices.
Only
resources on the local filesystems are audited.
The audit logs look like:
For the 'random' backend:
type=VIRT_RESOURCE msg=audit(1363099126.643:31): pid=995252 uid=0 auid=4294967295
ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test"
uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?"
new-rng="/dev/random": exe="/home/pipo/libvirt/daemon/.libs/libvirtd"
hostname=? addr=? terminal=pts/0 res=success'
For local character device source:
type=VIRT_RESOURCE msg=audit(1363100164.240:96): pid=995252 uid=0 auid=4294967295
ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test"
uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?"
new-rng="/tmp/unix.sock":
exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0
res=success'
---
Notes:
Version 3:
- don't log non-local resources for EGD backend
- change order of blocks of code to optimize
Version 2:
- log also EGD backends
- add example of audit message to commit message
src/conf/domain_audit.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 120 insertions(+)
ACK, but wait 1 more day to give Steve Grubb a chance to
raise any issues before pushing.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|