Re: [PATCH] audit: Log only an info message if audit_level < 2 and audit is not supported

On Mon, Nov 27, 2017 at 07:02 PM +0100, Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx> wrote:
> Replace the error message during startup of libvirtd with an info
> message if audit_level < 2 and audit is not supported by the
> kernel. Audit is not supported by the current kernel if the kernel
> does not have audit compiled in or if audit is disabled (e.g. by the
> kernel cmdline).
>
> Signed-off-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx>
> Reviewed-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxxxxxxx>
> ---
>  daemon/libvirtd.c   |  2 +-
>  src/util/viraudit.c | 17 +++++++++++++++--
>  src/util/viraudit.h |  2 +-
>  3 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> index 589b32192e3d..6bbff0d45684 100644
> --- a/daemon/libvirtd.c
> +++ b/daemon/libvirtd.c
> @@ -1418,7 +1418,7 @@ int main(int argc, char **argv) {
>
>      if (config->audit_level) {
>          VIR_DEBUG("Attempting to configure auditing subsystem");
> -        if (virAuditOpen() < 0) {
> +        if (virAuditOpen(config->audit_level) < 0) {
>              if (config->audit_level > 1) {
>                  ret = VIR_DAEMON_ERR_AUDIT;
>                  goto cleanup;
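
Review bot: the `config->audit_level > 1` test just below the changed call now duplicates the threshold that virAuditOpen() applies internally as `audit_level < 2`, so the "level 2 means audit is mandatory" policy lives in two places that can drift apart. Consider passing a flag that says whether failure is fatal, or keeping the severity decision in the caller, so the threshold is spelled out only once.
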
> diff --git a/src/util/viraudit.c b/src/util/viraudit.c
> index 17e58b3a9574..9b755e384f24 100644
> --- a/src/util/viraudit.c
> +++ b/src/util/viraudit.c
> @@ -55,11 +55,24 @@ static int auditfd = -1;
>  #endif
>  static bool auditlog;
>
> -int virAuditOpen(void)
> +int virAuditOpen(unsigned int audit_level)
>  {
>  #if WITH_AUDIT
>      if ((auditfd = audit_open()) < 0) {
> -        virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
> +        /* You get these error codes only when the kernel does not
> +         * have audit compiled in or it's disabled (e.g. by the kernel
> +         * cmdline) */
> +        if (errno == EINVAL || errno == EPROTONOSUPPORT ||
> +            errno == EAFNOSUPPORT) {
> +            const char msg[] = "Audit is not supported by the kernel";
> +            if (audit_level < 2)
> +                VIR_INFO("%s", _(msg));
> +            else
> +                virReportError(VIR_FROM_THIS, "%s", _(msg));
> +        } else {
> +            virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
> +        }
> +
>          return -1;
>      }
>
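
Review bot: `_(msg)` in the new EINVAL/EPROTONOSUPPORT/EAFNOSUPPORT branch passes a `const char msg[]` variable to the translation macro, so the string is never seen by message extraction and will not be translated. Put the literal directly inside `_()` in the virReportError() call (or mark the declaration with `N_()`), and pass the plain untranslated literal to VIR_INFO(). Please also check the first argument of virReportError(): VIR_FROM_THIS is the error domain, while that position expects a VIR_ERR_* code. The comment says these errno values occur only when audit is missing or disabled; if that cannot be guaranteed for EINVAL, the audit_level < 2 path would downgrade a real initialization failure to an info message.
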
> diff --git a/src/util/viraudit.h b/src/util/viraudit.h
> index edaddf3c886f..e0471be1a85d 100644
> --- a/src/util/viraudit.h
> +++ b/src/util/viraudit.h
> @@ -32,7 +32,7 @@ typedef enum {
>      VIR_AUDIT_RECORD_RESOURCE,
>  } virAuditRecordType;
>
> -int virAuditOpen(void);
> +int virAuditOpen(unsigned int audit_level);
>
>  void virAuditLog(bool enabled);
>
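
Review bot: the new `unsigned int audit_level` parameter on the virAuditOpen() prototype is undocumented, and nothing here tells a caller which values are valid or that it only selects the log severity when the kernel lacks audit support. A short comment above the declaration stating that, and that the return value is still -1 in both cases, would prevent callers from assuming the function itself tolerates the failure at level 1.
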
> -- 
> 2.13.4
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
>

Polite ping :)

-- 
Beste Grüße / Kind regards
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chairwoman of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294

