]> xenbits.xensource.com Git - libvirt.git/commit
projects / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 30ad488) | patch
audit: split cgroup audit types to allow more information
authorEric Blake <eblake@redhat.com>
Mon, 7 Mar 2011 23:17:26 +0000 (16:17 -0700)
committerEric Blake <eblake@redhat.com>
Wed, 9 Mar 2011 16:08:10 +0000 (09:08 -0700)
commitd04916faaebf8c4cdd3a0ad38daf770bbbba157c
tree6fd1ae9e39c7267a91cdc078852caf1c85b4e72etree
parent30ad48836ed79adb91ee2aee5e1d5245e3620842commit | diff
audit: split cgroup audit types to allow more information

Device names can be manipulated, so it is better to also log
the major/minor device number corresponding to the cgroup ACL
changes that libvirt made.  This required some refactoring
of the relatively new qemu cgroup audit code.

Also, qemuSetupChardevCgroup was only auditing on failure, not success.

* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete.
(qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New
prototypes.
* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename...
(qemuAuditCgroup): ...and drop a parameter.
(qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to
allow listing device major/minor in audit.
(qemuAuditGetRdev): New helper function.
* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers.
* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
(qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup)
(qemuTeardownDiskPathDeny): Likewise.
(qemuSetupChardevCgroup): Likewise, fixing missing audit.
src/qemu/qemu_audit.c diff | blob | blame | history
src/qemu/qemu_audit.h diff | blob | blame | history
src/qemu/qemu_cgroup.c diff | blob | blame | history
src/qemu/qemu_driver.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.