[PATCH v2 1/1] audit: Log only an info message if audit_level < 2 and audit is not supported

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Replace the error message during startup of libvirtd with an info
message if audit_level < 2 and audit is not supported by the
kernel. Audit is not supported by the current kernel if the kernel
does not have audit compiled in or if audit is disabled (e.g. by the
kernel cmdline).

Signed-off-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxxxxxxx>
---
 daemon/libvirtd.c   |  2 +-
 src/util/viraudit.c | 16 ++++++++++++++--
 src/util/viraudit.h |  2 +-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 5103e8debea6..6d3b83355bca 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1422,7 +1422,7 @@ int main(int argc, char **argv) {
 
     if (config->audit_level) {
         VIR_DEBUG("Attempting to configure auditing subsystem");
-        if (virAuditOpen() < 0) {
+        if (virAuditOpen(config->audit_level) < 0) {
             if (config->audit_level > 1) {
                 ret = VIR_DAEMON_ERR_AUDIT;
                 goto cleanup;
diff --git a/src/util/viraudit.c b/src/util/viraudit.c
index 17e58b3a9574..3c444b69ab9f 100644
--- a/src/util/viraudit.c
+++ b/src/util/viraudit.c
@@ -55,11 +55,23 @@ static int auditfd = -1;
 #endif
 static bool auditlog;
 
-int virAuditOpen(void)
+int virAuditOpen(ATTRIBUTE_UNUSED unsigned int audit_level)
 {
 #if WITH_AUDIT
     if ((auditfd = audit_open()) < 0) {
-        virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+        /* You get these error codes only when the kernel does not
+         * have audit compiled in or it's disabled (e.g. by the kernel
+         * cmdline) */
+        if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+            errno == EAFNOSUPPORT) {
+            if (audit_level < 2)
+                VIR_INFO("Audit is not supported by the kernel");
+            else
+                virReportError(VIR_FROM_THIS, "%s", _("Audit is not supported by the kernel"));
+        } else {
+            virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+        }
+
         return -1;
     }
 
diff --git a/src/util/viraudit.h b/src/util/viraudit.h
index ed3d66ab5d0f..478dc8408f4e 100644
--- a/src/util/viraudit.h
+++ b/src/util/viraudit.h
@@ -32,7 +32,7 @@ typedef enum {
     VIR_AUDIT_RECORD_RESOURCE,
 } virAuditRecordType;
 
-int virAuditOpen(void);
+int virAuditOpen(unsigned int audit_level);
 
 void virAuditLog(bool enabled);
 
-- 
2.13.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux