Re: [libvirt] [PATCH 2/4] Audit VM start/stop/suspend/resume

2010-10-14 Thread Daniel Veillard
On Tue, Oct 12, 2010 at 06:32:16PM +0100, Daniel P. Berrange wrote:
 From: Miloslav Trmač m...@redhat.com
 
 Most operations are audited at the libvirtd level; auditing in
 src/libvirt.c would result in two audit entries per operation (one in
 the client, one in libvirtd).
 
 The only exception is a domain stopping of its own will (e.g. because
 the user clicks on shutdown inside the interface).  There can often be
 no client connected at the time the domain stops, so libvirtd does not
 have any virConnectPtr object on which to attach an event watch.  This
 patch therefore adds auditing directly inside the qemu driver (other
 drivers are not supported).

 Looks fine but using base64 transfer encoding:

  Content-Type: text/plain; charset=utf-8
  Content-Transfer-Encoding: base64
  Sender: libvir-list-boun...@redhat.com
  Errors-To: libvir-list-boun...@redhat.com
  Status: RO

  RnJvbTogTWlsb3NsYXYgVHJtYcSNIDxtaXRyQHJlZGhhdC5jb20+CgpNb3N0IG9wZXJhdGlvbnMg
  YXJlIGF1ZGl0ZWQgYXQgdGhlIGxpYnZpcnRkIGxldmVsOyBhdWRpdGluZyBpbgpzcmMvbGlidmly

makes applying the patch way harder than it should. I wonder why mails
2, 3 and 4 got the problem but not 1/4  puzzled, could you have a
look?

Daniel

-- 
Daniel Veillard  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
dan...@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 2/4] Audit VM start/stop/suspend/resume

2010-10-14 Thread Daniel P. Berrange
On Thu, Oct 14, 2010 at 04:09:41PM +0200, Daniel Veillard wrote:
 On Tue, Oct 12, 2010 at 06:32:16PM +0100, Daniel P. Berrange wrote:
  From: Miloslav Trmač m...@redhat.com
  
  Most operations are audited at the libvirtd level; auditing in
  src/libvirt.c would result in two audit entries per operation (one in
  the client, one in libvirtd).
  
  The only exception is a domain stopping of its own will (e.g. because
  the user clicks on shutdown inside the interface).  There can often be
  no client connected at the time the domain stops, so libvirtd does not
  have any virConnectPtr object on which to attach an event watch.  This
  patch therefore adds auditing directly inside the qemu driver (other
  drivers are not supported).
 
  Looks fine but using base64 transfer encoding:
 
   Content-Type: text/plain; charset=utf-8
   Content-Transfer-Encoding: base64
   Sender: libvir-list-boun...@redhat.com
   Errors-To: libvir-list-boun...@redhat.com
   Status: RO
 
   RnJvbTogTWlsb3NsYXYgVHJtYcSNIDxtaXRyQHJlZGhhdC5jb20+CgpNb3N0IG9wZXJhdGlvbnMg
   YXJlIGF1ZGl0ZWQgYXQgdGhlIGxpYnZpcnRkIGxldmVsOyBhdWRpdGluZyBpbgpzcmMvbGlidmly
 
 makes applying the patch way harder than it should. I wonder why mails
 2, 3 and 4 got the problem but not 1/4  puzzled, could you have a
 look?

I just used git send-email as normal. It is probably the magic characters
in Miloslav's name that convinced git to change to a different content
encoding.

Daniel
-- 
|: Red Hat, Engineering, London-o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org-o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


Re: [libvirt] [PATCH 2/4] Audit VM start/stop/suspend/resume

2010-10-14 Thread Daniel Veillard
On Thu, Oct 14, 2010 at 03:16:42PM +0100, Daniel P. Berrange wrote:
 On Thu, Oct 14, 2010 at 04:09:41PM +0200, Daniel Veillard wrote:
  On Tue, Oct 12, 2010 at 06:32:16PM +0100, Daniel P. Berrange wrote:
   From: Miloslav Trmač m...@redhat.com
   
   Most operations are audited at the libvirtd level; auditing in
   src/libvirt.c would result in two audit entries per operation (one in
   the client, one in libvirtd).
   
   The only exception is a domain stopping of its own will (e.g. because
   the user clicks on shutdown inside the interface).  There can often be
   no client connected at the time the domain stops, so libvirtd does not
   have any virConnectPtr object on which to attach an event watch.  This
   patch therefore adds auditing directly inside the qemu driver (other
   drivers are not supported).
  
   Looks fine but using base64 transfer encoding:
  
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: base64
    Sender: libvir-list-boun...@redhat.com
    Errors-To: libvir-list-boun...@redhat.com
    Status: RO
   
    RnJvbTogTWlsb3NsYXYgVHJtYcSNIDxtaXRyQHJlZGhhdC5jb20+CgpNb3N0IG9wZXJhdGlvbnMg
    YXJlIGF1ZGl0ZWQgYXQgdGhlIGxpYnZpcnRkIGxldmVsOyBhdWRpdGluZyBpbgpzcmMvbGlidmly
   
  makes applying the patch way harder than it should. I wonder why mails
  2, 3 and 4 got the problem but not 1/4  puzzled, could you have a
  look?
 
 I just used git send-email as normal. It is probably the magic characters
 in Miloslav's name that convinced git to change to a different content
 encoding.

  Ahhh,

well with vim selecting the block and using
:'<,'>!base64 -d

does the trick, but it slows things down

Daniel

-- 
Daniel Veillard  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
dan...@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/


[libvirt] [PATCH 2/4] Audit VM start/stop/suspend/resume

2010-10-12 Thread Daniel P. Berrange
From: Miloslav Trmač m...@redhat.com

Most operations are audited at the libvirtd level; auditing in
src/libvirt.c would result in two audit entries per operation (one in
the client, one in libvirtd).

The only exception is a domain stopping of its own will (e.g. because
the user clicks on shutdown inside the interface).  There can often be
no client connected at the time the domain stops, so libvirtd does not
have any virConnectPtr object on which to attach an event watch.  This
patch therefore adds auditing directly inside the qemu driver (other
drivers are not supported).
---
 daemon/remote.c|  135 
 src/qemu/qemu_driver.c |8 +++
 2 files changed, 133 insertions(+), 10 deletions(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index 6b67678..30c9031 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -57,6 +57,8 @@
 #include memory.h
 #include util.h
 #include stream.h
+#include uuid.h
+#include virtaudit.h
 #include libvirt/libvirt-qemu.h
 
 #define VIR_FROM_THIS VIR_FROM_REMOTE
@@ -1213,6 +1215,8 @@ remoteDispatchDomainCreate (struct qemud_server *server 
ATTRIBUTE_UNUSED,
 void *ret ATTRIBUTE_UNUSED)
 {
 virDomainPtr dom;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+int r;
 
 dom = get_nonnull_domain (conn, args-dom);
 if (dom == NULL) {
@@ -1220,11 +1224,18 @@ remoteDispatchDomainCreate (struct qemud_server *server 
ATTRIBUTE_UNUSED,
 return -1;
 }
 
-if (virDomainCreate (dom) == -1) {
+r = virDomainCreate(dom);
+
+virUUIDFormat(dom-uuid, uuidstr);
+VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
+  op=start name=%s uuid=%s, dom-name, uuidstr);
+
+if (r == -1) {
 virDomainFree(dom);
 remoteDispatchConnError(rerr, conn);
 return -1;
 }
+
 virDomainFree(dom);
 return 0;
 }
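Review bot: the `name=%s` field in the `op=start name=%s uuid=%s` record is filled from `dom->name`, which comes straight from the client-supplied `args->dom`, so a domain name containing spaces, `=` or quotes would alter how the record's key=value fields are parsed by audit consumers. Consider escaping or quoting the name before it reaches VIR_AUDIT (libaudit's `audit_encode_nv_string` does this); the uuid is fixed-format, the name is not.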
@@ -1239,6 +1250,8 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server 
*server ATTRIBUTE_UNUSE
  remote_domain_create_with_flags_ret *ret)
 {
 virDomainPtr dom;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+int r;
 
 dom = get_nonnull_domain (conn, args-dom);
 if (dom == NULL) {
@@ -1246,7 +1259,15 @@ remoteDispatchDomainCreateWithFlags (struct qemud_server 
*server ATTRIBUTE_UNUSE
 return -1;
 }
 
-if (virDomainCreateWithFlags (dom, args-flags) == -1) {
+r = virDomainCreateWithFlags(dom, args-flags);
+
+virUUIDFormat(dom-uuid, uuidstr);
+VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
+  op=%s name=%s uuid=%s,
+  (args-flags  VIR_DOMAIN_START_PAUSED) !=
+  0 ? start-paused : start, dom-name, uuidstr);
+
+if (r == -1) {
 virDomainFree(dom);
 remoteDispatchConnError(rerr, conn);
 return -1;
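Review bot: the op value here is derived from a single bit, `(args->flags & VIR_DOMAIN_START_PAUSED) != 0 ? "start-paused" : "start"`, so any other bit set in `args->flags` is dropped from the record, and consumers filtering on `op=start` will miss paused starts. Consider keeping `op=start` and recording the flags in their own field (for example `flags=0x%x` with the raw value) so future flags are captured without growing the op vocabulary.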
@@ -1267,13 +1288,20 @@ remoteDispatchDomainCreateXml (struct qemud_server 
*server ATTRIBUTE_UNUSED,
remote_domain_create_xml_ret *ret)
 {
 virDomainPtr dom;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
 
 dom = virDomainCreateXML (conn, args-xml_desc, args-flags);
 if (dom == NULL) {
+VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 0,
+  op=start name=? uuid=?);
 remoteDispatchConnError(rerr, conn);
 return -1;
 }
 
+virUUIDFormat(dom-uuid, uuidstr);
+VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, 1, op=start name=%s uuid=%s,
+  dom-name, uuidstr);
+
 make_nonnull_domain (ret-dom, dom);
 virDomainFree(dom);
 
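Review bot: in the failure branch the record is `op=start name=? uuid=?`, so a failed virDomainCreateXML leaves no identity in the audit trail even though the requested name is present in `args->xml_desc`. Either extract the name from the XML before auditing the failure, or move this audit into the driver after the definition has been parsed so both outcomes carry name and uuid; as written, only successful creations from XML are attributable to a domain.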
@@ -1313,6 +1341,8 @@ remoteDispatchDomainDestroy (struct qemud_server *server 
ATTRIBUTE_UNUSED,
  void *ret ATTRIBUTE_UNUSED)
 {
 virDomainPtr dom;
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+int r;
 
 dom = get_nonnull_domain (conn, args-dom);
 if (dom == NULL) {
@@ -1320,7 +1350,13 @@ remoteDispatchDomainDestroy (struct qemud_server *server 
ATTRIBUTE_UNUSED,
 return -1;
 }
 
-if (virDomainDestroy (dom) == -1) {
+r = virDomainDestroy(dom);
+
+virUUIDFormat(dom-uuid, uuidstr);
+VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, r != -1,
+  op=stop name=%s uuid=%s, dom-name, uuidstr);
+
+if (r == -1) {
 virDomainFree(dom);
 remoteDispatchConnError(rerr, conn);
 return -1;
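Review bot: virDomainDestroy, a forced termination, is recorded with the generic `op=stop`; the commit message says the qemu driver will separately audit domains that stop of their own accord, so if that path also emits `op=stop` a forced kill and a guest-initiated shutdown cannot be told apart afterwards. Consider adding a reason field here (for example `op=stop reason=destroyed`) so the two cases stay distinguishable when reconstructing who ended a VM.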
@@ -1778,6 +1814,8 @@ remoteDispatchDomainMigratePrepare (struct qemud_server 
*server ATTRIBUTE_UNUSED
 r = virDomainMigratePrepare (conn, cookie, cookielen,
  uri_in, uri_out,
  args-flags, dname, args-resource);
+/* This creates a VM, but we don't audit it until the migration succeeds
+   and the VM actually starts. */
 if (r == -1) {
 VIR_FREE(uri_out);
 remoteDispatchConnError(rerr, conn);
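Review bot: the new comment explains why a successful prepare is not audited yet, but the `r == -1` path directly below it is also unaudited, so a failed incoming migration leaves no record at all, unlike a failed virDomainCreate which is recorded with a failure result. Either emit a failure record here using `dname` (or `name=?` when it is absent), or extend the comment to state that prepare failures are deliberately left out.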
@@ -1810,7 +1848,7 @@ remoteDispatchDomainMigratePerform (struct qemud_server 
*server ATTRIBUTE_UNUSED
 {
 int r;