Re: [libvirt] [PATCHv3 2/2] audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net

On 03/10/2011 09:16 AM, Laine Stump wrote: > On 03/09/2011 03:42 PM, Eric Blake wrote: >> Opening raw network devices with the intent of passing those fds to >> qemu is worth an audit point. Hmm, we really ought to have some sort of documentation that describes all possible audit messages, but t

Re: [libvirt] [PATCHv3 2/2] audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net

On 03/09/2011 03:42 PM, Eric Blake wrote: Opening raw network devices with the intent of passing those fds to qemu is worth an audit point. This makes a multi-part audit: first, we audit the device(s) that libvirt opens on behalf of the MAC address of a to-be-created interface (which can indepen

[libvirt] [PATCHv3 2/2] audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net

Opening raw network devices with the intent of passing those fds to qemu is worth an audit point. This makes a multi-part audit: first, we audit the device(s) that libvirt opens on behalf of the MAC address of a to-be-created interface (which can independently succeed or fail), then we audit wheth