DOMAIN_CONF_SOURCES = \
conf/capabilities.c conf/capabilities.h \
conf/domain_conf.c conf/domain_conf.h \
+ conf/domain_audit.c conf/domain_audit.h \
conf/domain_nwfilter.c conf/domain_nwfilter.h
DOMAIN_EVENT_SOURCES = \
qemu/qemu_capabilities.c qemu/qemu_capabilities.h\
qemu/qemu_command.c qemu/qemu_command.h \
qemu/qemu_domain.c qemu/qemu_domain.h \
- qemu/qemu_audit.c qemu/qemu_audit.h \
qemu/qemu_cgroup.c qemu/qemu_cgroup.h \
qemu/qemu_hostdev.c qemu/qemu_hostdev.h \
qemu/qemu_hotplug.c qemu/qemu_hotplug.h \
/*
- * qemu_audit.c: QEMU audit management
+ * domain_audit.c: Domain audit management
*
* Copyright (C) 2006-2011 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
#include <sys/stat.h>
#include <sys/types.h>
-#include "qemu_audit.h"
+#include "domain_audit.h"
#include "viraudit.h"
#include "uuid.h"
#include "logging.h"
* for other file types, stat failure, or allocation failure. */
#if defined major && defined minor
static char *
-qemuAuditGetRdev(const char *path)
+virDomainAuditGetRdev(const char *path)
{
char *ret = NULL;
struct stat sb;
}
#else
static char *
-qemuAuditGetRdev(const char *path ATTRIBUTE_UNUSED)
+virDomainAuditGetRdev(const char *path ATTRIBUTE_UNUSED)
{
return NULL;
}
#endif
void
-qemuAuditDisk(virDomainObjPtr vm,
- virDomainDiskDefPtr oldDef, virDomainDiskDefPtr newDef,
- const char *reason, bool success)
+virDomainAuditDisk(virDomainObjPtr vm,
+ virDomainDiskDefPtr oldDef, virDomainDiskDefPtr newDef,
+ const char *reason, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
void
-qemuAuditNet(virDomainObjPtr vm,
- virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
- const char *reason, bool success)
+virDomainAuditNet(virDomainObjPtr vm,
+ virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
+ const char *reason, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char newMacstr[VIR_MAC_STRING_BUFLEN];
}
/**
- * qemuAuditNetDevice:
+ * virDomainAuditNetDevice:
* @vm: domain opening a network-related device
* @def: details of network device that fd will be tied to
* @device: device being opened (such as /dev/vhost-net,
* /dev/net/tun, /dev/tanN). Note that merely opening a device
- * does not mean that qemu owns it; a followup qemuAuditNet
+ * does not mean that virDomain owns it; a followup virDomainAuditNet
* shows whether the fd was passed on.
* @success: true if the device was opened
*
* Log an audit message about an attempted network device open.
*/
void
-qemuAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
- const char *device, bool success)
+virDomainAuditNetDevice(virDomainDefPtr vmDef, virDomainNetDefPtr netDef,
+ const char *device, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char macstr[VIR_MAC_STRING_BUFLEN];
virUUIDFormat(vmDef->uuid, uuidstr);
virFormatMacAddr(netDef->mac, macstr);
- rdev = qemuAuditGetRdev(device);
+ rdev = virDomainAuditGetRdev(device);
if (!(vmname = virAuditEncode("vm", vmDef->name)) ||
!(devname = virAuditEncode("path", device))) {
}
/**
- * qemuAuditHostdev:
+ * virDomainAuditHostdev:
* @vm: domain making a change in pass-through host device
* @hostdev: device being attached or removed
* @reason: one of "start", "attach", or "detach"
* Log an audit message about an attempted device passthrough change.
*/
void
-qemuAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
- const char *reason, bool success)
+virDomainAuditHostdev(virDomainObjPtr vm, virDomainHostdevDefPtr hostdev,
+ const char *reason, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
/**
- * qemuAuditCgroup:
+ * virDomainAuditCgroup:
* @vm: domain making the cgroups ACL change
* @cgroup: cgroup that manages the devices
* @reason: either "allow" or "deny"
* @extra: additional details, in the form "all",
* "major category=xyz maj=nn", or "path path=xyz dev=nn:mm" (the
- * latter two are generated by qemuAuditCgroupMajor and
- * qemuAuditCgroupPath).
+ * latter two are generated by virDomainAuditCgroupMajor and
+ * virDomainAuditCgroupPath).
* @success: true if the cgroup operation succeeded
*
* Log an audit message about an attempted cgroup device ACL change.
*/
void
-qemuAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
- const char *reason, const char *extra, bool success)
+virDomainAuditCgroup(virDomainObjPtr vm, virCgroupPtr cgroup,
+ const char *reason, const char *extra, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
}
/**
- * qemuAuditCgroupMajor:
+ * virDomainAuditCgroupMajor:
* @vm: domain making the cgroups ACL change
* @cgroup: cgroup that manages the devices
* @reason: either "allow" or "deny"
* Log an audit message about an attempted cgroup device ACL change.
*/
void
-qemuAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup,
- const char *reason, int maj, const char *name,
- const char *perms, bool success)
+virDomainAuditCgroupMajor(virDomainObjPtr vm, virCgroupPtr cgroup,
+ const char *reason, int maj, const char *name,
+ const char *perms, bool success)
{
char *extra;
return;
}
- qemuAuditCgroup(vm, cgroup, reason, extra, success);
+ virDomainAuditCgroup(vm, cgroup, reason, extra, success);
VIR_FREE(extra);
}
/**
- * qemuAuditCgroupPath:
+ * virDomainAuditCgroupPath:
* @vm: domain making the cgroups ACL change
* @cgroup: cgroup that manages the devices
* @reason: either "allow" or "deny"
* a specific device.
*/
void
-qemuAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
- const char *reason, const char *path, const char *perms,
- int rc)
+virDomainAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup,
+ const char *reason, const char *path, const char *perms,
+ int rc)
{
char *detail;
char *rdev;
if (rc > 0)
return;
- rdev = qemuAuditGetRdev(path);
+ rdev = virDomainAuditGetRdev(path);
if (!(detail = virAuditEncode("path", path)) ||
virAsprintf(&extra, "path path=%s rdev=%s acl=%s",
goto cleanup;
}
- qemuAuditCgroup(vm, cgroup, reason, extra, rc == 0);
+ virDomainAuditCgroup(vm, cgroup, reason, extra, rc == 0);
cleanup:
VIR_FREE(extra);
}
/**
- * qemuAuditResource:
+ * virDomainAuditResource:
* @vm: domain making an integer resource change
* @resource: name of the resource: "mem" or "vcpu"
* @oldval: the old value of the resource
* Log an audit message about an attempted resource change.
*/
static void
-qemuAuditResource(virDomainObjPtr vm, const char *resource,
- unsigned long long oldval, unsigned long long newval,
- const char *reason, bool success)
+virDomainAuditResource(virDomainObjPtr vm, const char *resource,
+ unsigned long long oldval, unsigned long long newval,
+ const char *reason, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
}
void
-qemuAuditMemory(virDomainObjPtr vm,
- unsigned long long oldmem, unsigned long long newmem,
- const char *reason, bool success)
+virDomainAuditMemory(virDomainObjPtr vm,
+ unsigned long long oldmem, unsigned long long newmem,
+ const char *reason, bool success)
{
- return qemuAuditResource(vm, "mem", oldmem, newmem, reason, success);
+ return virDomainAuditResource(vm, "mem", oldmem, newmem, reason, success);
}
void
-qemuAuditVcpu(virDomainObjPtr vm,
- unsigned int oldvcpu, unsigned int newvcpu,
- const char *reason, bool success)
+virDomainAuditVcpu(virDomainObjPtr vm,
+ unsigned int oldvcpu, unsigned int newvcpu,
+ const char *reason, bool success)
{
- return qemuAuditResource(vm, "vcpu", oldvcpu, newvcpu, reason, success);
+ return virDomainAuditResource(vm, "vcpu", oldvcpu, newvcpu, reason, success);
}
static void
-qemuAuditLifecycle(virDomainObjPtr vm, const char *op,
- const char *reason, bool success)
+virDomainAuditLifecycle(virDomainObjPtr vm, const char *op,
+ const char *reason, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
void
-qemuAuditDomainStart(virDomainObjPtr vm, const char *reason, bool success)
+virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
{
int i;
for (i = 0 ; i < vm->def->ndisks ; i++) {
virDomainDiskDefPtr disk = vm->def->disks[i];
if (disk->src) /* Skips CDROM without media initially inserted */
- qemuAuditDisk(vm, NULL, disk, "start", true);
+ virDomainAuditDisk(vm, NULL, disk, "start", true);
}
for (i = 0 ; i < vm->def->nnets ; i++) {
virDomainNetDefPtr net = vm->def->nets[i];
- qemuAuditNet(vm, NULL, net, "start", true);
+ virDomainAuditNet(vm, NULL, net, "start", true);
}
for (i = 0 ; i < vm->def->nhostdevs ; i++) {
virDomainHostdevDefPtr hostdev = vm->def->hostdevs[i];
- qemuAuditHostdev(vm, hostdev, "start", true);
+ virDomainAuditHostdev(vm, hostdev, "start", true);
}
- qemuAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true);
- qemuAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
+ virDomainAuditMemory(vm, 0, vm->def->mem.cur_balloon, "start", true);
+ virDomainAuditVcpu(vm, 0, vm->def->vcpus, "start", true);
- qemuAuditLifecycle(vm, "start", reason, success);
+ virDomainAuditLifecycle(vm, "start", reason, success);
}
void
-qemuAuditDomainStop(virDomainObjPtr vm, const char *reason)
+virDomainAuditStop(virDomainObjPtr vm, const char *reason)
{
- qemuAuditLifecycle(vm, "stop", reason, true);
+ virDomainAuditLifecycle(vm, "stop", reason, true);
}
void
-qemuAuditSecurityLabel(virDomainObjPtr vm, bool success)
+virDomainAuditSecurityLabel(virDomainObjPtr vm, bool success)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
--- /dev/null
+/*
+ * domain_audit.c: Domain audit management
+ *
+ * Copyright (C) 2006-2011 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange <berrange@redhat.com>
+ */
+
+#ifndef __VIR_DOMAIN_AUDIT_H__
+# define __VIR_DOMAIN_AUDIT_H__
+
+# include "domain_conf.h"
+# include "cgroup.h"
+
+void virDomainAuditStart(virDomainObjPtr vm,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+void virDomainAuditStop(virDomainObjPtr vm,
+ const char *reason)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+void virDomainAuditDisk(virDomainObjPtr vm,
+ virDomainDiskDefPtr oldDef,
+ virDomainDiskDefPtr newDef,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditNet(virDomainObjPtr vm,
+ virDomainNetDefPtr oldDef,
+ virDomainNetDefPtr newDef,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditNetDevice(virDomainDefPtr vmDef,
+ virDomainNetDefPtr netDef,
+ const char *device,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditHostdev(virDomainObjPtr vm,
+ virDomainHostdevDefPtr def,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditCgroup(virDomainObjPtr vm,
+ virCgroupPtr group,
+ const char *reason,
+ const char *extra,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_NONNULL(4);
+void virDomainAuditCgroupMajor(virDomainObjPtr vm,
+ virCgroupPtr group,
+ const char *reason,
+ int maj,
+ const char *name,
+ const char *perms,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6);
+void virDomainAuditCgroupPath(virDomainObjPtr vm,
+ virCgroupPtr group,
+ const char *reason,
+ const char *path,
+ const char *perms,
+ int rc)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
+void virDomainAuditMemory(virDomainObjPtr vm,
+ unsigned long long oldmem,
+ unsigned long long newmem,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditVcpu(virDomainObjPtr vm,
+ unsigned int oldvcpu,
+ unsigned int newvcpu,
+ const char *reason,
+ bool success)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
+void virDomainAuditSecurityLabel(virDomainObjPtr vm,
+ bool success)
+ ATTRIBUTE_NONNULL(1);
+
+#endif /* __VIR_DOMAIN_AUDIT_H__ */
dnsmasqSave;
+# domain_audit.h
+virDomainAuditCgroup;
+virDomainAuditCgroupMajor;
+virDomainAuditCgroupPath;
+virDomainAuditDisk;
+virDomainAuditHostdev;
+virDomainAuditMemory;
+virDomainAuditNet;
+virDomainAuditNetDevice;
+virDomainAuditSecurityLabel;
+virDomainAuditStart;
+virDomainAuditStop;
+virDomainAuditVcpu;
+
+
# domain_conf.h
virDiskNameToBusDeviceIndex;
virDiskNameToIndex;
+++ /dev/null
-/*
- * qemu_audit.h: QEMU audit management
- *
- * Copyright (C) 2006-2011 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Author: Daniel P. Berrange <berrange@redhat.com>
- */
-
-#ifndef __QEMU_AUDIT_H__
-# define __QEMU_AUDIT_H__
-
-# include "domain_conf.h"
-# include "cgroup.h"
-
-void qemuAuditDomainStart(virDomainObjPtr vm,
- const char *reason,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
-void qemuAuditDomainStop(virDomainObjPtr vm,
- const char *reason)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
-void qemuAuditDisk(virDomainObjPtr vm,
- virDomainDiskDefPtr oldDef,
- virDomainDiskDefPtr newDef,
- const char *reason,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditNet(virDomainObjPtr vm,
- virDomainNetDefPtr oldDef,
- virDomainNetDefPtr newDef,
- const char *reason,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditNetDevice(virDomainDefPtr vmDef,
- virDomainNetDefPtr netDef,
- const char *device,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
-void qemuAuditHostdev(virDomainObjPtr vm,
- virDomainHostdevDefPtr def,
- const char *reason,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
-void qemuAuditCgroup(virDomainObjPtr vm,
- virCgroupPtr group,
- const char *reason,
- const char *extra,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
- ATTRIBUTE_NONNULL(4);
-void qemuAuditCgroupMajor(virDomainObjPtr vm,
- virCgroupPtr group,
- const char *reason,
- int maj,
- const char *name,
- const char *perms,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
- ATTRIBUTE_NONNULL(5) ATTRIBUTE_NONNULL(6);
-void qemuAuditCgroupPath(virDomainObjPtr vm,
- virCgroupPtr group,
- const char *reason,
- const char *path,
- const char *perms,
- int rc)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
- ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
-void qemuAuditMemory(virDomainObjPtr vm,
- unsigned long long oldmem,
- unsigned long long newmem,
- const char *reason,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditVcpu(virDomainObjPtr vm,
- unsigned int oldvcpu,
- unsigned int newvcpu,
- const char *reason,
- bool success)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
-void qemuAuditSecurityLabel(virDomainObjPtr vm,
- bool success)
- ATTRIBUTE_NONNULL(1);
-
-#endif /* __QEMU_AUDIT_H__ */
#include "memory.h"
#include "virterror_internal.h"
#include "util.h"
-#include "qemu_audit.h"
+#include "domain_audit.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
rc = virCgroupAllowDevicePath(data->cgroup, path,
(disk->readonly ? VIR_CGROUP_DEVICE_READ
: VIR_CGROUP_DEVICE_RW));
- qemuAuditCgroupPath(data->vm, data->cgroup, "allow", path,
- disk->readonly ? "r" : "rw", rc);
+ virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path,
+ disk->readonly ? "r" : "rw", rc);
if (rc < 0) {
if (rc == -EACCES) { /* Get this for root squash NFS */
VIR_DEBUG("Ignoring EACCES for %s", path);
VIR_DEBUG("Process path %s for disk", path);
rc = virCgroupDenyDevicePath(data->cgroup, path,
VIR_CGROUP_DEVICE_RWM);
- qemuAuditCgroupPath(data->vm, data->cgroup, "deny", path, "rwm", rc);
+ virDomainAuditCgroupPath(data->vm, data->cgroup, "deny", path, "rwm", rc);
if (rc < 0) {
if (rc == -EACCES) { /* Get this for root squash NFS */
VIR_DEBUG("Ignoring EACCES for %s", path);
VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path);
rc = virCgroupAllowDevicePath(data->cgroup, dev->source.data.file.path,
VIR_CGROUP_DEVICE_RW);
- qemuAuditCgroupPath(data->vm, data->cgroup, "allow",
- dev->source.data.file.path, "rw", rc);
+ virDomainAuditCgroupPath(data->vm, data->cgroup, "allow",
+ dev->source.data.file.path, "rw", rc);
if (rc < 0) {
virReportSystemError(-rc,
_("Unable to allow device %s for %s"),
VIR_DEBUG("Process path '%s' for USB device", path);
rc = virCgroupAllowDevicePath(data->cgroup, path,
VIR_CGROUP_DEVICE_RW);
- qemuAuditCgroupPath(data->vm, data->cgroup, "allow", path, "rw", rc);
+ virDomainAuditCgroupPath(data->vm, data->cgroup, "allow", path, "rw", rc);
if (rc < 0) {
virReportSystemError(-rc,
_("Unable to allow device %s"),
if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) {
qemuCgroupData data = { vm, cgroup };
rc = virCgroupDenyAllDevices(cgroup);
- qemuAuditCgroup(vm, cgroup, "deny", "all", rc == 0);
+ virDomainAuditCgroup(vm, cgroup, "deny", "all", rc == 0);
if (rc != 0) {
if (rc == -EPERM) {
VIR_WARN("Group devices ACL is not accessible, disabling whitelisting");
rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR,
VIR_CGROUP_DEVICE_RW);
- qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR,
- "pty", "rw", rc == 0);
+ virDomainAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR,
+ "pty", "rw", rc == 0);
if (rc != 0) {
virReportSystemError(-rc, "%s",
_("unable to allow /dev/pts/ devices"));
(vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) {
rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR,
VIR_CGROUP_DEVICE_RW);
- qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_SND_MAJOR,
- "sound", "rw", rc == 0);
+ virDomainAuditCgroupMajor(vm, cgroup, "allow", DEVICE_SND_MAJOR,
+ "sound", "rw", rc == 0);
if (rc != 0) {
virReportSystemError(-rc, "%s",
_("unable to allow /dev/snd/ devices"));
for (i = 0; deviceACL[i] != NULL ; i++) {
rc = virCgroupAllowDevicePath(cgroup, deviceACL[i],
VIR_CGROUP_DEVICE_RW);
- qemuAuditCgroupPath(vm, cgroup, "allow", deviceACL[i], "rw", rc);
+ virDomainAuditCgroupPath(vm, cgroup, "allow", deviceACL[i], "rw", rc);
if (rc < 0 &&
rc != -ENOENT) {
virReportSystemError(-rc,
#include "uuid.h"
#include "c-ctype.h"
#include "domain_nwfilter.h"
-#include "qemu_audit.h"
+#include "domain_audit.h"
#include "domain_conf.h"
#include <sys/utsname.h>
&net->data.direct.virtPortProfile, &res_ifname,
vmop, driver->stateDir);
if (rc >= 0) {
- qemuAuditNetDevice(def, net, res_ifname, true);
+ virDomainAuditNetDevice(def, net, res_ifname, true);
VIR_FREE(net->ifname);
net->ifname = res_ifname;
}
tapmac[0] = 0xFE; /* Discourage bridge from using TAP dev MAC */
err = brAddTap(driver->brctl, brname, &net->ifname, tapmac,
vnet_hdr, true, &tapfd);
- qemuAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0);
+ virDomainAuditNetDevice(def, net, "/dev/net/tun", tapfd >= 0);
if (err) {
if (err == ENOTSUP) {
/* In this particular case, give a better diagnostic. */
}
*vhostfd = open("/dev/vhost-net", O_RDWR);
- qemuAuditNetDevice(def, net, "/dev/vhost-net", *vhostfd >= 0);
+ virDomainAuditNetDevice(def, net, "/dev/vhost-net", *vhostfd >= 0);
/* If the config says explicitly to use vhost and we couldn't open it,
* report an error.
#include "qemu_hotplug.h"
#include "qemu_monitor.h"
#include "qemu_bridge_filter.h"
-#include "qemu_audit.h"
#include "qemu_process.h"
#include "qemu_migration.h"
#include "memory.h"
#include "uuid.h"
#include "domain_conf.h"
+#include "domain_audit.h"
#include "node_device_conf.h"
#include "pci.h"
#include "hostusb.h"
(flags & VIR_DOMAIN_START_PAUSED) != 0,
(flags & VIR_DOMAIN_START_AUTODESTROY) != 0,
-1, NULL, VIR_VM_OP_CREATE) < 0) {
- qemuAuditDomainStart(vm, "booted", false);
+ virDomainAuditStart(vm, "booted", false);
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains,
vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_BOOTED);
- qemuAuditDomainStart(vm, "booted", true);
+ virDomainAuditStart(vm, "booted", true);
dom = virGetDomain(conn, vm->def->name, vm->def->uuid);
if (dom) dom->id = vm->def->id;
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
- qemuAuditDomainStop(vm, "destroyed");
+ virDomainAuditStop(vm, "destroyed");
if (!vm->persistent) {
if (qemuDomainObjEndJob(vm) > 0)
qemuDomainObjEnterMonitor(vm);
r = qemuMonitorSetBalloon(priv->mon, newmem);
qemuDomainObjExitMonitor(vm);
- qemuAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update",
- r == 1);
+ virDomainAuditMemory(vm, vm->def->mem.cur_balloon, newmem, "update",
+ r == 1);
if (r < 0)
goto endjob;
/* Shut it down */
qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_SAVED);
- qemuAuditDomainStop(vm, "saved");
+ virDomainAuditStop(vm, "saved");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_SAVED);
endjob:
if ((ret == 0) && (flags & VIR_DUMP_CRASH)) {
qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_CRASHED);
- qemuAuditDomainStop(vm, "crashed");
+ virDomainAuditStop(vm, "crashed");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_CRASHED);
cleanup:
qemuDomainObjExitMonitor(vm);
vm->def->vcpus = vcpus;
- qemuAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1);
+ virDomainAuditVcpu(vm, oldvcpus, nvcpus, "update", rc == 1);
return ret;
unsupported:
}
if (ret < 0) {
- qemuAuditDomainStart(vm, "restored", false);
+ virDomainAuditStart(vm, "restored", false);
goto out;
}
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_RESTORED);
- qemuAuditDomainStart(vm, "restored", true);
+ virDomainAuditStart(vm, "restored", true);
if (event)
qemuDomainEventQueue(driver, event);
ret = qemuProcessStart(conn, driver, vm, NULL, start_paused,
autodestroy, -1, NULL, VIR_VM_OP_CREATE);
- qemuAuditDomainStart(vm, "booted", ret >= 0);
+ virDomainAuditStart(vm, "booted", ret >= 0);
if (ret >= 0) {
virDomainEventPtr event =
virDomainEventNewFromObj(vm,
rc = qemuProcessStart(snapshot->domain->conn, driver, vm, NULL,
false, false, -1, NULL, VIR_VM_OP_CREATE);
- qemuAuditDomainStart(vm, "from-snapshot", rc >= 0);
+ virDomainAuditStart(vm, "from-snapshot", rc >= 0);
if (qemuDomainSnapshotSetCurrentInactive(vm, driver->snapshotDir) < 0)
goto endjob;
if (rc < 0)
if (virDomainObjIsActive(vm)) {
qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_FROM_SNAPSHOT);
- qemuAuditDomainStop(vm, "from-snapshot");
+ virDomainAuditStop(vm, "from-snapshot");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT);
#include "qemu_domain.h"
#include "qemu_command.h"
#include "qemu_bridge_filter.h"
-#include "qemu_audit.h"
#include "qemu_hostdev.h"
+#include "domain_audit.h"
#include "domain_nwfilter.h"
#include "logging.h"
#include "virterror_internal.h"
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditDisk(vm, origdisk, disk, "update", ret >= 0);
+ virDomainAuditDisk(vm, origdisk, disk, "update", ret >= 0);
if (ret < 0)
goto error;
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0);
+ virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0);
if (ret < 0)
goto error;
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0);
+ virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0);
if (ret < 0)
goto error;
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditDisk(vm, NULL, disk, "attach", ret >= 0);
+ virDomainAuditDisk(vm, NULL, disk, "attach", ret >= 0);
if (ret < 0)
goto error;
if (qemuMonitorAddNetdev(priv->mon, netstr, tapfd, tapfd_name,
vhostfd, vhostfd_name) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, NULL, net, "attach", false);
+ virDomainAuditNet(vm, NULL, net, "attach", false);
goto cleanup;
}
} else {
if (qemuMonitorAddHostNetwork(priv->mon, netstr, tapfd, tapfd_name,
vhostfd, vhostfd_name) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, NULL, net, "attach", false);
+ virDomainAuditNet(vm, NULL, net, "attach", false);
goto cleanup;
}
}
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
if (qemuMonitorAddDevice(priv->mon, nicstr) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, NULL, net, "attach", false);
+ virDomainAuditNet(vm, NULL, net, "attach", false);
goto try_remove;
}
} else {
if (qemuMonitorAddPCINetwork(priv->mon, nicstr,
&guestAddr) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, NULL, net, "attach", false);
+ virDomainAuditNet(vm, NULL, net, "attach", false);
goto try_remove;
}
net->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI;
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, NULL, net, "attach", true);
+ virDomainAuditNet(vm, NULL, net, "attach", true);
ret = 0;
hostdev->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI;
memcpy(&hostdev->info.addr.pci, &guestAddr, sizeof(guestAddr));
}
- qemuAuditHostdev(vm, hostdev, "attach", ret == 0);
+ virDomainAuditHostdev(vm, hostdev, "attach", ret == 0);
if (ret < 0)
goto error;
hostdev->source.subsys.u.usb.bus,
hostdev->source.subsys.u.usb.device);
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditHostdev(vm, hostdev, "attach", ret == 0);
+ virDomainAuditHostdev(vm, hostdev, "attach", ret == 0);
if (ret < 0)
goto error;
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
- qemuAuditDisk(vm, detach, NULL, "detach", false);
+ virDomainAuditDisk(vm, detach, NULL, "detach", false);
goto cleanup;
}
} else {
if (qemuMonitorRemovePCIDevice(priv->mon,
&detach->info.addr.pci) < 0) {
qemuDomainObjExitMonitor(vm);
- qemuAuditDisk(vm, detach, NULL, "detach", false);
+ virDomainAuditDisk(vm, detach, NULL, "detach", false);
goto cleanup;
}
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditDisk(vm, detach, NULL, "detach", true);
+ virDomainAuditDisk(vm, detach, NULL, "detach", true);
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) &&
qemuDomainPCIAddressReleaseSlot(priv->pciaddrs,
qemuDomainObjEnterMonitorWithDriver(driver, vm);
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
- qemuAuditDisk(vm, detach, NULL, "detach", false);
+ virDomainAuditDisk(vm, detach, NULL, "detach", false);
goto cleanup;
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditDisk(vm, detach, NULL, "detach", true);
+ virDomainAuditDisk(vm, detach, NULL, "detach", true);
virDomainDiskRemove(vm->def, i);
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
- qemuAuditNet(vm, detach, NULL, "detach", false);
+ virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
} else {
if (qemuMonitorRemovePCIDevice(priv->mon,
&detach->info.addr.pci) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, detach, NULL, "detach", false);
+ virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
}
qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
if (qemuMonitorRemoveNetdev(priv->mon, hostnet_name) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, detach, NULL, "detach", false);
+ virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
} else {
if (qemuMonitorRemoveHostNetwork(priv->mon, vlan, hostnet_name) < 0) {
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, detach, NULL, "detach", false);
+ virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditNet(vm, detach, NULL, "detach", true);
+ virDomainAuditNet(vm, detach, NULL, "detach", true);
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) &&
qemuDomainPCIAddressReleaseSlot(priv->pciaddrs,
ret = qemuMonitorRemovePCIDevice(priv->mon, &detach->info.addr.pci);
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditHostdev(vm, detach, "detach", ret == 0);
+ virDomainAuditHostdev(vm, detach, "detach", ret == 0);
if (ret < 0)
return -1;
qemuDomainObjEnterMonitorWithDriver(driver, vm);
ret = qemuMonitorDelDevice(priv->mon, detach->info.alias);
qemuDomainObjExitMonitorWithDriver(driver, vm);
- qemuAuditHostdev(vm, detach, "detach", ret == 0);
+ virDomainAuditHostdev(vm, detach, "detach", ret == 0);
if (ret < 0)
return -1;
#include "qemu_domain.h"
#include "qemu_process.h"
#include "qemu_capabilities.h"
-#include "qemu_audit.h"
#include "qemu_cgroup.h"
+#include "domain_audit.h"
#include "logging.h"
#include "virterror_internal.h"
#include "memory.h"
true, dataFD[0], NULL,
VIR_VM_OP_MIGRATE_IN_START);
if (internalret < 0) {
- qemuAuditDomainStart(vm, "migrated", false);
+ virDomainAuditStart(vm, "migrated", false);
/* Note that we don't set an error here because qemuProcessStart
* should have already done that.
*/
}
if (virFDStreamOpen(st, dataFD[1]) < 0) {
- qemuAuditDomainStart(vm, "migrated", false);
+ virDomainAuditStart(vm, "migrated", false);
qemuProcessStop(driver, vm, 0, VIR_DOMAIN_SHUTOFF_FAILED);
if (!vm->persistent) {
if (qemuDomainObjEndJob(vm) > 0)
}
dataFD[1] = -1; /* 'st' owns the FD now & will close it */
- qemuAuditDomainStart(vm, "migrated", true);
+ virDomainAuditStart(vm, "migrated", true);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port);
if (qemuProcessStart(dconn, driver, vm, migrateFrom, true, true,
-1, NULL, VIR_VM_OP_MIGRATE_IN_START) < 0) {
- qemuAuditDomainStart(vm, "migrated", false);
+ virDomainAuditStart(vm, "migrated", false);
/* Note that we don't set an error here because qemuProcessStart
* should have already done that.
*/
VIR_WARN("Unable to encode migration cookie");
}
- qemuAuditDomainStart(vm, "migrated", true);
+ virDomainAuditStart(vm, "migrated", true);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_MIGRATED);
resume = 0;
} else {
qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_MIGRATED);
- qemuAuditDomainStop(vm, "migrated");
+ virDomainAuditStop(vm, "migrated");
resume = 0;
event = virDomainEventNewFromObj(vm,
*/
if (v3proto) {
qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED);
- qemuAuditDomainStop(vm, "failed");
+ virDomainAuditStop(vm, "failed");
if (newVM) {
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains, vm);
*/
if (v3proto) {
qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED);
- qemuAuditDomainStop(vm, "failed");
+ virDomainAuditStop(vm, "failed");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FAILED);
qemuProcessAutoDestroyRemove(driver, vm);
} else {
qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_FAILED);
- qemuAuditDomainStop(vm, "failed");
+ virDomainAuditStop(vm, "failed");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_FAILED);
*/
if (retcode == 0) {
qemuProcessStop(driver, vm, 1, VIR_DOMAIN_SHUTOFF_MIGRATED);
- qemuAuditDomainStop(vm, "migrated");
+ virDomainAuditStop(vm, "migrated");
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
}
rc = virCgroupAllowDevicePath(cgroup, path,
VIR_CGROUP_DEVICE_RW);
- qemuAuditCgroupPath(vm, cgroup, "allow", path, "rw", rc);
+ virDomainAuditCgroupPath(vm, cgroup, "allow", path, "rw", rc);
if (rc < 0) {
virReportSystemError(-rc,
_("Unable to allow device %s for %s"),
if (cgroup != NULL) {
rc = virCgroupDenyDevicePath(cgroup, path,
VIR_CGROUP_DEVICE_RWM);
- qemuAuditCgroupPath(vm, cgroup, "deny", path, "rwm", rc);
+ virDomainAuditCgroupPath(vm, cgroup, "deny", path, "rwm", rc);
if (rc < 0)
VIR_WARN("Unable to deny device %s for %s %d",
path, vm->def->name, rc);
#include "qemu_capabilities.h"
#include "qemu_monitor.h"
#include "qemu_command.h"
-#include "qemu_audit.h"
#include "qemu_hostdev.h"
#include "qemu_hotplug.h"
#include "qemu_bridge_filter.h"
#include "c-ctype.h"
#include "nodeinfo.h"
#include "processinfo.h"
+#include "domain_audit.h"
#include "domain_nwfilter.h"
#include "locking/domain_lock.h"
#include "uuid.h"
VIR_DOMAIN_EVENT_STOPPED,
eventReason);
qemuProcessStop(driver, vm, 0, stopReason);
- qemuAuditDomainStop(vm, auditReason);
+ virDomainAuditStop(vm, auditReason);
if (!vm->persistent)
virDomainRemoveInactive(&driver->domains, vm);
then generate a security label for isolation */
VIR_DEBUG("Generating domain security label (if required)");
if (virSecurityManagerGenLabel(driver->securityManager, vm) < 0) {
- qemuAuditSecurityLabel(vm, false);
+ virDomainAuditSecurityLabel(vm, false);
goto cleanup;
}
- qemuAuditSecurityLabel(vm, true);
+ virDomainAuditSecurityLabel(vm, true);
/* Ensure no historical cgroup for this VM is lying around bogus
* settings */
VIR_DEBUG("Killing domain");
qemuProcessStop(data->driver, dom, 1, VIR_DOMAIN_SHUTOFF_DESTROYED);
- qemuAuditDomainStop(dom, "destroyed");
+ virDomainAuditStop(dom, "destroyed");
event = virDomainEventNewFromObj(dom,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
projects / thirdparty / libvirt.git / commitdiff
