[libvirt] [PATCH v2 1/1] audit: Log only an info message if audit_level < 2 and audit is not supported

Wed Dec 13 13:36:20 UTC 2017

On Wed, Dec 13, 2017 at 02:10 PM +0100, Michal Privoznik <mprivozn at redhat.com> wrote:
> On 12/13/2017 11:56 AM, Marc Hartmayer wrote:
>> Replace the error message during startup of libvirtd with an info
>> message if audit_level < 2 and audit is not supported by the
>> kernel. Audit is not supported by the current kernel if the kernel
>> does not have audit compiled in or if audit is disabled (e.g. by the
>> kernel cmdline).
>> 
>> Signed-off-by: Marc Hartmayer <mhartmay at linux.vnet.ibm.com>
>> Reviewed-by: Boris Fiuczynski <fiuczy at linux.vnet.ibm.com>
>> ---
>>  daemon/libvirtd.c   |  2 +-
>>  src/util/viraudit.c | 16 ++++++++++++++--
>>  src/util/viraudit.h |  2 +-
>>  3 files changed, 16 insertions(+), 4 deletions(-)
>> 
>> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
>> index 5103e8debea6..6d3b83355bca 100644
>> --- a/daemon/libvirtd.c
>> +++ b/daemon/libvirtd.c
>> @@ -1422,7 +1422,7 @@ int main(int argc, char **argv) {
>>  
>>      if (config->audit_level) {
>>          VIR_DEBUG("Attempting to configure auditing subsystem");
>> -        if (virAuditOpen() < 0) {
>> +        if (virAuditOpen(config->audit_level) < 0) {
>>              if (config->audit_level > 1) {
>>                  ret = VIR_DAEMON_ERR_AUDIT;
>>                  goto cleanup;
>> diff --git a/src/util/viraudit.c b/src/util/viraudit.c
>> index 17e58b3a9574..3c444b69ab9f 100644
>> --- a/src/util/viraudit.c
>> +++ b/src/util/viraudit.c
>> @@ -55,11 +55,23 @@ static int auditfd = -1;
>>  #endif
>>  static bool auditlog;
>>  
>> -int virAuditOpen(void)
>> +int virAuditOpen(ATTRIBUTE_UNUSED unsigned int audit_level)
>
> Usually, we put attributes after variable declaration.
>
>>  {
>>  #if WITH_AUDIT
>>      if ((auditfd = audit_open()) < 0) {
>> -        virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
>> +        /* You get these error codes only when the kernel does not
>> +         * have audit compiled in or it's disabled (e.g. by the kernel
>> +         * cmdline) */
>> +        if (errno == EINVAL || errno == EPROTONOSUPPORT ||
>> +            errno == EAFNOSUPPORT) {
>> +            if (audit_level < 2)
>> +                VIR_INFO("Audit is not supported by the kernel");
>> +            else
>> +                virReportError(VIR_FROM_THIS, "%s", _("Audit is not supported by the kernel"));
>> +        } else {
>> +            virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
>> +        }
>> +
>>          return -1;
>>      }
>>  
>> diff --git a/src/util/viraudit.h b/src/util/viraudit.h
>> index ed3d66ab5d0f..478dc8408f4e 100644
>> --- a/src/util/viraudit.h
>> +++ b/src/util/viraudit.h
>> @@ -32,7 +32,7 @@ typedef enum {
>>      VIR_AUDIT_RECORD_RESOURCE,
>>  } virAuditRecordType;
>>  
>> -int virAuditOpen(void);
>> +int virAuditOpen(unsigned int audit_level);
>>  
>>  void virAuditLog(bool enabled);
>>  
>> 
>
> Fixed, ACKed and pushed.

Thanks.

>
> Michal
>
-- 
Beste Grüße / Kind regards
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294