[libvirt] [PATCH] Log an audit message with the LXC init pid
Eric Blake
eblake at redhat.com
Tue Nov 20 18:06:28 UTC 2012
On 11/20/2012 10:52 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> Currently the LXC driver logs audit messages when a container
> is started or stopped. These audit messages, however, contain
> the PID of the libvirt_lxc supervisor process. To enable
> sysadmins to correlate with audit messages generated by
> processes /inside/ the container, we need to include the
> container init process PID.
>
> We can't do this in the main 'start' audit message, since
> the init PID is not available at that point. Instead we output
> a completely new audit record, that lists both PIDs.
>
> type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'
ACK.
> src/lxc/lxc_protocol.x | 7 ++++++-
> 8 files changed, 102 insertions(+), 2 deletions(-)
Hmm, we probably ought to start src/lxc_protocol-structs (similar to all
our other RPC files) in order to ensure that we don't break ABI
compatibility when updating .x files. But that is a separate patch.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20121120/7a68fbfe/attachment-0001.sig>
More information about the libvir-list
mailing list