On 11/20/2012 10:52 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > > Currently the LXC driver logs audit messages when a container > is started or stopped. These audit messages, however, contain > the PID of the libvirt_lxc supervisor process. To enable > sysadmins to correlate with audit messages generated by > processes /inside/ the container, we need to include the > container init process PID. > > We can't do this in the main 'start' audit message, since > the init PID is not available at that point. Instead we output > a completely new audit record, that lists both PIDs. > > type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success' ACK. > src/lxc/lxc_protocol.x | 7 ++++++- > 8 files changed, 102 insertions(+), 2 deletions(-) Hmm, we probably ought to start src/lxc_protocol-structs (similar to all our other RPC files) in order to ensure that we don't break ABI compatibility when updating .x files. But that is a separate patch. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list