From: Chen Hanxiao <chenhanxiao@gmail.com> This patch add audit info for panic notifier devices. Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com> --- docs/auditlog.html.in | 15 +++++++++++++++ src/conf/domain_audit.c | 38 ++++++++++++++++++++++++++++++++++++++ src/conf/domain_audit.h | 4 ++++ src/libvirt_private.syms | 1 + 4 files changed, 58 insertions(+) diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in index 0c778aa..45464af 100644 --- a/docs/auditlog.html.in +++ b/docs/auditlog.html.in @@ -371,5 +371,20 @@ <dd>Path of the backing character device for given emulated device</dd> </dl> + + <h4><a name="typeresourcepanic">Panic notifier</a></h4> + <p> + The <code>msg</code> field will include the following sub-fields + </p> + + <dl> + <dt><code>resrc</code></dt> + <dd>The type of resource assigned. Set to <code>panic</code></dd> + <dt><code>reason</code></dt> + <dd>The reason which caused the resource to be assigned to happen</dd> + <dt><code>model</code></dt> + <dd>The model of the panic notifier device</dd> + </dl> + </body> </html> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index fd20ace..e48a63d 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -893,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) for (i = 0; i < vm->def->nshmems; i++) virDomainAuditShmem(vm, vm->def->shmems[i], "start", true); + for (i = 0; i < vm->def->npanics; i++) + virDomainAuditPanic(vm, vm->def->panics[i], "start", true); + virDomainAuditMemory(vm, 0, virDomainDefGetMemoryTotal(vm->def), "start", true); virDomainAuditVcpu(vm, 0, virDomainDefGetVcpus(vm->def), "start", true); @@ -1006,3 +1009,38 @@ virDomainAuditShmem(virDomainObjPtr vm, VIR_FREE(shmem); return; } + +void +virDomainAuditPanic(virDomainObjPtr vm, + virDomainPanicDefPtr def, + const char *reason, + bool success) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + char *vmname = virAuditEncode("vm", vm->def->name); + const char *panic_model = virDomainPanicModelTypeToString(def->model); + char *model = virAuditEncode("model", VIR_AUDIT_STR(panic_model)); + const char *virt = virDomainVirtTypeToString(vm->def->virtType); + + virUUIDFormat(vm->def->uuid, uuidstr); + + if (!vmname || !model) { + VIR_WARN("OOM while encoding audit message"); + goto cleanup; + } + + if (!virt) { + VIR_WARN("Unexpected virt type %d while encoding audit message", + vm->def->virtType); + virt = "?"; + } + + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, + "virt=%s resrc=PanicNotifier reason=%s %s uuid=%s %s", + virt, reason, vmname, uuidstr, model); + + cleanup: + VIR_FREE(vmname); + VIR_FREE(model); + return; +} diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h index 8cb585d..10ecc2a 100644 --- a/src/conf/domain_audit.h +++ b/src/conf/domain_audit.h @@ -133,6 +133,10 @@ void virDomainAuditShmem(virDomainObjPtr vm, virDomainShmemDefPtr def, const char *reason, bool success) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); +void virDomainAuditPanic(virDomainObjPtr vm, + virDomainPanicDefPtr def, + const char *reason, bool success) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); #endif /* __VIR_DOMAIN_AUDIT_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 923afd1..94ec7cb 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -146,6 +146,7 @@ virDomainAuditIOThread; virDomainAuditMemory; virDomainAuditNet; virDomainAuditNetDevice; +virDomainAuditPanic; virDomainAuditRedirdev; virDomainAuditRNG; virDomainAuditSecurityLabel; -- 1.8.3.1