#include "domain_nwfilter.h"
#include "hooks.h"
#include "storage_file.h"
+#include "virtaudit.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
virDomainObjPtr vm,
int migrated);
+static void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success);
+static void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason);
+
static int qemudDomainGetMaxVcpus(virDomainPtr dom);
static int qemuDetectVcpuPIDs(struct qemud_driver *driver,
VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
qemudShutdownVMDaemon(driver, vm, 0);
+ qemuDomainStopAudit(vm, hasError ? "failed" : "shutdown");
+
if (!vm->persistent)
virDomainRemoveInactive(&driver->domains, vm);
else
static int qemuDomainSnapshotSetInactive(virDomainObjPtr vm,
char *snapshotDir);
+static void qemuDomainLifecycleAudit(virDomainObjPtr vm,
+ const char *op,
+ const char *reason,
+ bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+ VIR_WARN0("OOM while encoding audit message");
+ return;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, success,
+ "op=%s reason=%s %s uuid=%s", op, reason, vmname, uuidstr);
+
+ VIR_FREE(vmname);
+}
+
+static void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success)
+{
+ qemuDomainLifecycleAudit(vm, "start", reason, success);
+}
+
+static void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason)
+{
+ qemuDomainLifecycleAudit(vm, "stop", reason, true);
+}
+
static int qemudStartVMDaemon(virConnectPtr conn,
struct qemud_driver *driver,
virDomainObjPtr vm,
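Review bot: In qemuDomainLifecycleAudit, a failed virAuditEncode() returns before VIR_AUDIT, so the start or stop event is never recorded and only a VIR_WARN0 remains. uuidstr is already formatted on the stack at that point, so the record could still be emitted, for example by keeping the warning and passing `vmname ? vmname : "vm=?"` as the name field (the placeholder text is only a suggestion and should match the audit format in use). Separately, `op` and `reason` go into the message through plain `%s` without encoding, which is safe only because every caller in this commit passes a string literal; a comment such as `/* op and reason must be constant tokens without whitespace; only the domain name is encoded */` above the function would keep that assumption visible.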
if (qemudStartVMDaemon(conn, driver, vm, NULL,
(flags & VIR_DOMAIN_START_PAUSED) != 0,
-1, NULL) < 0) {
+ qemuDomainStartAudit(vm, "booted", false);
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains,
vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_BOOTED);
+ qemuDomainStartAudit(vm, "booted", true);
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) dom->id = vm->def->id;
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
+ qemuDomainStopAudit(vm, "destroyed");
+
if (!vm->persistent) {
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains,
/* Shut it down */
qemudShutdownVMDaemon(driver, vm, 0);
+ qemuDomainStopAudit(vm, "saved");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_SAVED);
endjob:
if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
qemudShutdownVMDaemon(driver, vm, 0);
+ qemuDomainStopAudit(vm, "crashed");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_CRASHED);
}
}
- if (ret < 0)
+ if (ret < 0) {
+ qemuDomainStartAudit(vm, "restored", false);
goto out;
+ }
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_RESTORED);
+ qemuDomainStartAudit(vm, "restored", true);
if (event)
qemuDomainEventQueue(driver, event);
}
ret = qemudStartVMDaemon(conn, driver, vm, NULL, start_paused, -1, NULL);
- if (ret != -1) {
+ qemuDomainStartAudit(vm, "booted", ret >= 0);
+ if (ret >= 0) {
virDomainEventPtr event =
virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
-1, NULL);
VIR_FREE(migrateFrom);
if (internalret < 0) {
+ qemuDomainStartAudit(vm, "migrated", false);
/* Note that we don't set an error here because qemudStartVMDaemon
* should have already done that.
*/
qemust = qemuStreamMigOpen(st, unixfile);
if (qemust == NULL) {
+ qemuDomainStartAudit(vm, "migrated", false);
qemudShutdownVMDaemon(driver, vm, 0);
if (!vm->persistent) {
if (qemuDomainObjEndJob(vm) > 0)
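Review bot: The `qemuDomainStartAudit(vm, "migrated", false)` added in the `qemust == NULL` branch is followed by qemudShutdownVMDaemon() with no qemuDomainStopAudit(), unlike the other shutdown calls this commit touches. If the daemon start earlier in this function succeeded (it appears to be the call checked through `internalret` in the previous hunk, though the function body is not fully visible here), a qemu process did run and was torn down, yet the audit trail shows only a failed start. Consider adding `qemuDomainStopAudit(vm, "failed");` after the shutdown call, or recording the start as successful and then the failed stop, so the process lifetime can be reconstructed from the records. The enclosing function starts and ends outside this hunk.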
st->driver = &qemuStreamMigDrv;
st->privateData = qemust;
+ qemuDomainStartAudit(vm, "migrated", true);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_MIGRATED);
snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port);
if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, true,
-1, NULL) < 0) {
+ qemuDomainStartAudit(vm, "migrated", false);
/* Note that we don't set an error here because qemudStartVMDaemon
* should have already done that.
*/
goto endjob;
}
+ qemuDomainStartAudit(vm, "migrated", true);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_MIGRATED);
/* Clean up the source domain. */
qemudShutdownVMDaemon(driver, vm, 1);
+ qemuDomainStopAudit(vm, "migrated");
resume = 0;
event = virDomainEventNewFromObj(vm,
}
} else {
qemudShutdownVMDaemon(driver, vm, 1);
+ qemuDomainStopAudit(vm, "failed");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FAILED);
rc = qemudStartVMDaemon(snapshot->domain->conn, driver, vm, NULL,
false, -1, NULL);
+ qemuDomainStartAudit(vm, "from-snapshot", rc >= 0);
if (qemuDomainSnapshotSetInactive(vm, driver->snapshotDir) < 0)
goto endjob;
if (rc < 0)
if (virDomainObjIsActive(vm)) {
qemudShutdownVMDaemon(driver, vm, 0);
+ qemuDomainStopAudit(vm, "from-snapshot");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT);