Re: [PATCH] Log an audit message with the LXC init pid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/20/2012 10:52 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> 
> Currently the LXC driver logs audit messages when a container
> is started or stopped. These audit messages, however, contain
> the PID of the libvirt_lxc supervisor process. To enable
> sysadmins to correlate with audit messages generated by
> processes /inside/ the container, we need to include the
> container init process PID.
> 
> We can't do this in the main 'start' audit message, since
> the init PID is not available at that point. Instead we output
> a completely new audit record, that lists both PIDs.
> 
> type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'

ACK.

>  src/lxc/lxc_protocol.x   |  7 ++++++-
>  8 files changed, 102 insertions(+), 2 deletions(-)

Hmm, we probably ought to start src/lxc_protocol-structs (similar to all
our other RPC files) in order to ensure that we don't break ABI
compatibility when updating .x files.  But that is a separate patch.

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]