On 03/12/13 12:19, Daniel P. Berrange wrote:
On Mon, Mar 11, 2013 at 05:19:36PM +0100, Peter Krempa wrote:
This patch adds auditing of resources used by the 'random' backend of virtio RNG. --- If there's desire to audit also use of the "egd" backend that uses a generic character device, a way how to audit this device will need to be introduced. We don't audit useage of chardevs right now.
src/conf/domain_audit.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+)
Can you update the commit message to give an example of the exact audit message that is generated from this. Also please Cc Steve Grubb when you re-post this, for sign-off from his position as audit tools maintainer.
Okay.
+static void +virDomainAuditRNG(virDomainObjPtr vm, + virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef, + const char *reason, bool success) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + char *vmname; + char *oldsrc = NULL; + char *newsrc = NULL; + const char *virt; + + virUUIDFormat(vm->def->uuid, uuidstr); + if (!(vmname = virAuditEncode("vm", vm->def->name))) + goto no_memory; + + if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) { + VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType); + virt = "?"; + } + + if (newDef) { + switch (newDef->backend) { + case VIR_DOMAIN_RNG_BACKEND_RANDOM: + if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newDef->source.file))))
Can't newDef->source.file be NULL ? In such a case we need to explicitly fill in the file that QEMU will default to in the audit record. We can't leave the filename blank
Ah, yeah.
+ goto no_memory; + break; + + case VIR_DOMAIN_RNG_BACKEND_EGD: + case VIR_DOMAIN_RNG_BACKEND_LAST: + if (!(newsrc = virAuditEncode("new-rng", "?")))
We need to specify the EGD unix socket path we use too, not merely '?'.
This can be set to multiple things as the backend is a chardev from point of view of qemu: The data can be transported using: TCP, UDP, unix sockets and a ton of other stuff, and we don't have a precedent case for this. Is there a need to represend TCP backends? Or auditing is meant just for local stuff?
+ goto no_memory; + break; + } + } else { + if (!(newsrc = virAuditEncode("new-rng", "?"))) + goto no_memory; + } +
Peter