Re: [libvirt] [PATCH 05/10] conf:audit: introduce audit function for shared memory device
On 07/08/2015 07:56 PM, Martin Kletzander wrote:
On Wed, Jun 17, 2015 at 11:56:16AM +0800, Luyao Huang wrote:
> Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
> ---
> docs/auditlog.html.in | 16 ++++++++++++++++
> src/conf/domain_audit.c | 16 ++++++++++++++++
> src/conf/domain_audit.h | 6 ++++++
> src/libvirt_private.syms | 1 +
> 4 files changed, 39 insertions(+)
>
> diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
> index 8a007ca..b168cbf 100644
> --- a/docs/auditlog.html.in
> +++ b/docs/auditlog.html.in
> @@ -301,6 +301,22 @@
> <dd>Updated path of the backing character device for given
> emulated device</dd>
> </dl>
>
> + <h4><a name="typeresourceivshmem">Shared memory
device</a></h4>
> + <p>
> + The <code>msg</code> field will include the following sub-fields
> + </p>
> +
> + <dl>
> + <dt>reason</dt>
> + <dd>The reason which caused the resource to be assigned to
> happen</dd>
> + <dt>resrc</dt>
> + <dd>The type of resource assigned. Set to
<code>shmem</code></dd>
> + <dt>old-shmem</dt>
> + <dd>Original memory size of share memory device in bytes, or
> 0</dd>
> + <dt>new-shmem</dt>
> + <dd>Updated memory size of share memory device in bytes</dd>
I don't think memory size is the thing audit cares about, it should be
the name/path mostly. Even better if we could audit all of it (size,
name, path).
Okay, i agreed with you,
Thanks a lot for your review.
Luyao
> + </dl>
> +
> <h4><a
name="typeresourcesmartcard">smartcard</a></h4>
> <p>
> The <code>msg</code> field will include the following sub-fields
> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
> index 1900039..aa2b4b5 100644
> --- a/src/conf/domain_audit.c
> +++ b/src/conf/domain_audit.c
> @@ -799,6 +799,19 @@ virDomainAuditIOThread(virDomainObjPtr vm,
> reason, success);
> }
>
> +
> +void
> +virDomainAuditShmem(virDomainObjPtr vm,
> + virDomainShmemDefPtr oldDef,
> virDomainShmemDefPtr newDef,
> + const char *reason, bool success)
> +{
> + return virDomainAuditResource(vm, "shmem",
> + oldDef ? oldDef->size : 0,
> + newDef ? newDef->size : 0,
> + reason, success);
> +}
> +
> +
> static void
> virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
> const char *reason, bool success)
> @@ -880,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const
> char *reason, bool success)
> for (i = 0; i < vm->def->nrngs; i++)
> virDomainAuditRNG(vm, NULL, vm->def->rngs[i], "start",
true);
>
> + for (i = 0; i < vm->def->nshmems; i++)
> + virDomainAuditShmem(vm, NULL, vm->def->shmems[i], "start",
> true);
> +
> if (vm->def->tpm)
> virDomainAuditTPM(vm, vm->def->tpm, "start", true);
>
> diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h
> index 97dadca..081cbb1 100644
> --- a/src/conf/domain_audit.h
> +++ b/src/conf/domain_audit.h
> @@ -129,6 +129,12 @@ void virDomainAuditRNG(virDomainObjPtr vm,
> const char *reason,
> bool success)
> ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
> +void virDomainAuditShmem(virDomainObjPtr vm,
> + virDomainShmemDefPtr oldDef,
> + virDomainShmemDefPtr newDef,
> + const char *reason,
> + bool success)
> + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
>
>
> #endif /* __VIR_DOMAIN_AUDIT_H__ */
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index dc8a52d..3ceb4e3 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -134,6 +134,7 @@ virDomainAuditNetDevice;
> virDomainAuditRedirdev;
> virDomainAuditRNG;
> virDomainAuditSecurityLabel;
> +virDomainAuditShmem;
> virDomainAuditStart;
> virDomainAuditStop;
> virDomainAuditVcpu;
> --
> 1.8.3.1
>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list