Re: [libvirt] [PATCH 05/10] conf:audit: introduce audit function for shared memory device
On Wed, Jun 17, 2015 at 11:56:16AM +0800, Luyao Huang wrote: Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/auditlog.html.in| 16 src/conf/domain_audit.c | 16 src/conf/domain_audit.h | 6 ++ src/libvirt_private.syms | 1 + 4 files changed, 39 insertions(+) diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in index 8a007ca..b168cbf 100644 --- a/docs/auditlog.html.in +++ b/docs/auditlog.html.in @@ -301,6 +301,22 @@ ddUpdated path of the backing character device for given emulated device/dd /dl +h4a name=typeresourceivshmemShared memory device/a/h4 +p + The codemsg/code field will include the following sub-fields +/p + +dl + dtreason/dt + ddThe reason which caused the resource to be assigned to happen/dd + dtresrc/dt + ddThe type of resource assigned. Set to codeshmem/code/dd + dtold-shmem/dt + ddOriginal memory size of share memory device in bytes, or 0/dd + dtnew-shmem/dt + ddUpdated memory size of share memory device in bytes/dd I don't think memory size is the thing audit cares about, it should be the name/path mostly. Even better if we could audit all of it (size, name, path). +/dl + h4a name=typeresourcesmartcardsmartcard/a/h4 p The codemsg/code field will include the following sub-fields diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 1900039..aa2b4b5 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -799,6 +799,19 @@ virDomainAuditIOThread(virDomainObjPtr vm, reason, success); } + +void +virDomainAuditShmem(virDomainObjPtr vm, +virDomainShmemDefPtr oldDef, virDomainShmemDefPtr newDef, +const char *reason, bool success) +{ +return virDomainAuditResource(vm, shmem, + oldDef ? oldDef-size : 0, + newDef ? newDef-size : 0, + reason, success); +} + + static void virDomainAuditLifecycle(virDomainObjPtr vm, const char *op, const char *reason, bool success) @@ -880,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) for (i = 0; i vm-def-nrngs; i++) virDomainAuditRNG(vm, NULL, vm-def-rngs[i], start, true); +for (i = 0; i vm-def-nshmems; i++) +virDomainAuditShmem(vm, NULL, vm-def-shmems[i], start, true); + if (vm-def-tpm) virDomainAuditTPM(vm, vm-def-tpm, start, true); diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h index 97dadca..081cbb1 100644 --- a/src/conf/domain_audit.h +++ b/src/conf/domain_audit.h @@ -129,6 +129,12 @@ void virDomainAuditRNG(virDomainObjPtr vm, const char *reason, bool success) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditShmem(virDomainObjPtr vm, + virDomainShmemDefPtr oldDef, + virDomainShmemDefPtr newDef, + const char *reason, + bool success) +ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); #endif /* __VIR_DOMAIN_AUDIT_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index dc8a52d..3ceb4e3 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -134,6 +134,7 @@ virDomainAuditNetDevice; virDomainAuditRedirdev; virDomainAuditRNG; virDomainAuditSecurityLabel; +virDomainAuditShmem; virDomainAuditStart; virDomainAuditStop; virDomainAuditVcpu; -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 05/10] conf:audit: introduce audit function for shared memory device
On 07/08/2015 07:56 PM, Martin Kletzander wrote: On Wed, Jun 17, 2015 at 11:56:16AM +0800, Luyao Huang wrote: Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/auditlog.html.in| 16 src/conf/domain_audit.c | 16 src/conf/domain_audit.h | 6 ++ src/libvirt_private.syms | 1 + 4 files changed, 39 insertions(+) diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in index 8a007ca..b168cbf 100644 --- a/docs/auditlog.html.in +++ b/docs/auditlog.html.in @@ -301,6 +301,22 @@ ddUpdated path of the backing character device for given emulated device/dd /dl +h4a name=typeresourceivshmemShared memory device/a/h4 +p + The codemsg/code field will include the following sub-fields +/p + +dl + dtreason/dt + ddThe reason which caused the resource to be assigned to happen/dd + dtresrc/dt + ddThe type of resource assigned. Set to codeshmem/code/dd + dtold-shmem/dt + ddOriginal memory size of share memory device in bytes, or 0/dd + dtnew-shmem/dt + ddUpdated memory size of share memory device in bytes/dd I don't think memory size is the thing audit cares about, it should be the name/path mostly. Even better if we could audit all of it (size, name, path). Okay, i agreed with you, Thanks a lot for your review. Luyao +/dl + h4a name=typeresourcesmartcardsmartcard/a/h4 p The codemsg/code field will include the following sub-fields diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 1900039..aa2b4b5 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -799,6 +799,19 @@ virDomainAuditIOThread(virDomainObjPtr vm, reason, success); } + +void +virDomainAuditShmem(virDomainObjPtr vm, +virDomainShmemDefPtr oldDef, virDomainShmemDefPtr newDef, +const char *reason, bool success) +{ +return virDomainAuditResource(vm, shmem, + oldDef ? oldDef-size : 0, + newDef ? newDef-size : 0, + reason, success); +} + + static void virDomainAuditLifecycle(virDomainObjPtr vm, const char *op, const char *reason, bool success) @@ -880,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) for (i = 0; i vm-def-nrngs; i++) virDomainAuditRNG(vm, NULL, vm-def-rngs[i], start, true); +for (i = 0; i vm-def-nshmems; i++) +virDomainAuditShmem(vm, NULL, vm-def-shmems[i], start, true); + if (vm-def-tpm) virDomainAuditTPM(vm, vm-def-tpm, start, true); diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h index 97dadca..081cbb1 100644 --- a/src/conf/domain_audit.h +++ b/src/conf/domain_audit.h @@ -129,6 +129,12 @@ void virDomainAuditRNG(virDomainObjPtr vm, const char *reason, bool success) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditShmem(virDomainObjPtr vm, + virDomainShmemDefPtr oldDef, + virDomainShmemDefPtr newDef, + const char *reason, + bool success) +ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); #endif /* __VIR_DOMAIN_AUDIT_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index dc8a52d..3ceb4e3 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -134,6 +134,7 @@ virDomainAuditNetDevice; virDomainAuditRedirdev; virDomainAuditRNG; virDomainAuditSecurityLabel; +virDomainAuditShmem; virDomainAuditStart; virDomainAuditStop; virDomainAuditVcpu; -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 05/10] conf:audit: introduce audit function for shared memory device
Signed-off-by: Luyao Huang lhu...@redhat.com --- docs/auditlog.html.in| 16 src/conf/domain_audit.c | 16 src/conf/domain_audit.h | 6 ++ src/libvirt_private.syms | 1 + 4 files changed, 39 insertions(+) diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in index 8a007ca..b168cbf 100644 --- a/docs/auditlog.html.in +++ b/docs/auditlog.html.in @@ -301,6 +301,22 @@ ddUpdated path of the backing character device for given emulated device/dd /dl +h4a name=typeresourceivshmemShared memory device/a/h4 +p + The codemsg/code field will include the following sub-fields +/p + +dl + dtreason/dt + ddThe reason which caused the resource to be assigned to happen/dd + dtresrc/dt + ddThe type of resource assigned. Set to codeshmem/code/dd + dtold-shmem/dt + ddOriginal memory size of share memory device in bytes, or 0/dd + dtnew-shmem/dt + ddUpdated memory size of share memory device in bytes/dd +/dl + h4a name=typeresourcesmartcardsmartcard/a/h4 p The codemsg/code field will include the following sub-fields diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 1900039..aa2b4b5 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -799,6 +799,19 @@ virDomainAuditIOThread(virDomainObjPtr vm, reason, success); } + +void +virDomainAuditShmem(virDomainObjPtr vm, +virDomainShmemDefPtr oldDef, virDomainShmemDefPtr newDef, +const char *reason, bool success) +{ +return virDomainAuditResource(vm, shmem, + oldDef ? oldDef-size : 0, + newDef ? newDef-size : 0, + reason, success); +} + + static void virDomainAuditLifecycle(virDomainObjPtr vm, const char *op, const char *reason, bool success) @@ -880,6 +893,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success) for (i = 0; i vm-def-nrngs; i++) virDomainAuditRNG(vm, NULL, vm-def-rngs[i], start, true); +for (i = 0; i vm-def-nshmems; i++) +virDomainAuditShmem(vm, NULL, vm-def-shmems[i], start, true); + if (vm-def-tpm) virDomainAuditTPM(vm, vm-def-tpm, start, true); diff --git a/src/conf/domain_audit.h b/src/conf/domain_audit.h index 97dadca..081cbb1 100644 --- a/src/conf/domain_audit.h +++ b/src/conf/domain_audit.h @@ -129,6 +129,12 @@ void virDomainAuditRNG(virDomainObjPtr vm, const char *reason, bool success) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); +void virDomainAuditShmem(virDomainObjPtr vm, + virDomainShmemDefPtr oldDef, + virDomainShmemDefPtr newDef, + const char *reason, + bool success) +ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4); #endif /* __VIR_DOMAIN_AUDIT_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index dc8a52d..3ceb4e3 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -134,6 +134,7 @@ virDomainAuditNetDevice; virDomainAuditRedirdev; virDomainAuditRNG; virDomainAuditSecurityLabel; +virDomainAuditShmem; virDomainAuditStart; virDomainAuditStop; virDomainAuditVcpu; -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list