[libvirt] [PATCH v2 1/1] audit: Log only an info message if audit_level < 2 and audit is not supported
Marc Hartmayer
mhartmay at linux.vnet.ibm.com
Wed Dec 13 13:36:20 UTC 2017
On Wed, Dec 13, 2017 at 02:10 PM +0100, Michal Privoznik <mprivozn at redhat.com> wrote:
> On 12/13/2017 11:56 AM, Marc Hartmayer wrote:
>> Replace the error message during startup of libvirtd with an info
>> message if audit_level < 2 and audit is not supported by the
>> kernel. Audit is not supported by the current kernel if the kernel
>> does not have audit compiled in or if audit is disabled (e.g. by the
>> kernel cmdline).
>>
>> Signed-off-by: Marc Hartmayer <mhartmay at linux.vnet.ibm.com>
>> Reviewed-by: Boris Fiuczynski <fiuczy at linux.vnet.ibm.com>
>> ---
>> daemon/libvirtd.c | 2 +-
>> src/util/viraudit.c | 16 ++++++++++++++--
>> src/util/viraudit.h | 2 +-
>> 3 files changed, 16 insertions(+), 4 deletions(-)
>>
>> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
>> index 5103e8debea6..6d3b83355bca 100644
>> --- a/daemon/libvirtd.c
>> +++ b/daemon/libvirtd.c
>> @@ -1422,7 +1422,7 @@ int main(int argc, char **argv) {
>>
>> if (config->audit_level) {
>> VIR_DEBUG("Attempting to configure auditing subsystem");
>> - if (virAuditOpen() < 0) {
>> + if (virAuditOpen(config->audit_level) < 0) {
>> if (config->audit_level > 1) {
>> ret = VIR_DAEMON_ERR_AUDIT;
>> goto cleanup;
>> diff --git a/src/util/viraudit.c b/src/util/viraudit.c
>> index 17e58b3a9574..3c444b69ab9f 100644
>> --- a/src/util/viraudit.c
>> +++ b/src/util/viraudit.c
>> @@ -55,11 +55,23 @@ static int auditfd = -1;
>> #endif
>> static bool auditlog;
>>
>> -int virAuditOpen(void)
>> +int virAuditOpen(ATTRIBUTE_UNUSED unsigned int audit_level)
>
> Usually, we put attributes after variable declaration.
>
>> {
>> #if WITH_AUDIT
>> if ((auditfd = audit_open()) < 0) {
>> - virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
>> + /* You get these error codes only when the kernel does not
>> + * have audit compiled in or it's disabled (e.g. by the kernel
>> + * cmdline) */
>> + if (errno == EINVAL || errno == EPROTONOSUPPORT ||
>> + errno == EAFNOSUPPORT) {
>> + if (audit_level < 2)
>> + VIR_INFO("Audit is not supported by the kernel");
>> + else
>> + virReportError(VIR_FROM_THIS, "%s", _("Audit is not supported by the kernel"));
>> + } else {
>> + virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
>> + }
>> +
>> return -1;
>> }
>>
>> diff --git a/src/util/viraudit.h b/src/util/viraudit.h
>> index ed3d66ab5d0f..478dc8408f4e 100644
>> --- a/src/util/viraudit.h
>> +++ b/src/util/viraudit.h
>> @@ -32,7 +32,7 @@ typedef enum {
>> VIR_AUDIT_RECORD_RESOURCE,
>> } virAuditRecordType;
>>
>> -int virAuditOpen(void);
>> +int virAuditOpen(unsigned int audit_level);
>>
>> void virAuditLog(bool enabled);
>>
>>
>
> Fixed, ACKed and pushed.
Thanks.
>
> Michal
>
--
Beste Grüße / Kind regards
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
More information about the libvir-list
mailing list