Re: [libvirt] [PATCH] Log an audit message with the LXC init pid

On 11/20/2012 10:52 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange redhat com>
> Currently the LXC driver logs audit messages when a container
> is started or stopped. These audit messages, however, contain
> the PID of the libvirt_lxc supervisor process. To enable
> sysadmins to correlate with audit messages generated by
> processes /inside/ the container, we need to include the
> container init process PID.
> We can't do this in the main 'start' audit message, since
> the init PID is not available at that point. Instead we output
> a completely new audit record, that lists both PIDs.
> type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'


>  src/lxc/lxc_protocol.x   |  7 ++++++-
>  8 files changed, 102 insertions(+), 2 deletions(-)

Hmm, we probably ought to start src/lxc_protocol-structs (similar to all
our other RPC files) in order to ensure that we don't break ABI
compatibility when updating .x files.  But that is a separate patch.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
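
The correlation the commit message describes, as an added example that is not part of the original mail or of libvirt: it reads the `init-pid` from the `op=init` record and attributes later `SYSCALL` records to the container by following `ppid`. The function names, the `SYSCALL` sample lines and the shape of the `op=stop` record are assumptions made for illustration.

```python
import re

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):\d+\): (.*)")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse(line):
    """Split one audit record into a flat dict of its key=value fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, body = m.groups()
    # User-space records such as VIRT_CONTROL nest their payload in msg='...'.
    body = body.replace("msg='", "").rstrip("'")
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    fields.update(type=rtype, ts=float(ts))
    return fields

def attribute(lines):
    """Return (vm, pid, comm) for each SYSCALL record descending from a container init."""
    owner, hits = {}, []  # owner: host pid -> container name
    for f in filter(None, map(parse, lines)):
        if f["type"] == "VIRT_CONTROL" and f.get("res") == "success":
            if f.get("op") == "init":
                owner[int(f["init-pid"])] = f["vm"]
            elif f.get("op") == "stop":  # assumed record shape; expire pids, they get reused
                owner = {p: vm for p, vm in owner.items() if vm != f.get("vm")}
        elif f["type"] == "SYSCALL" and "ppid" in f and "pid" in f:
            pid, ppid = int(f["pid"]), int(f["ppid"])
            if pid in owner or ppid in owner:
                owner.setdefault(pid, owner.get(ppid))
                hits.append((owner[pid], pid, f.get("comm")))
    return hits

# The first record is the one quoted in the mail; the rest are constructed samples.
SAMPLE = [
    "type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 "
    "subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init "
    'vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 '
    'exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? '
    "terminal=pts/6 res=success'",
    'type=SYSCALL msg=audit(1353433761.102:371): syscall=59 success=yes ppid=20372 pid=20380 comm="sh" exe="/bin/sh"',
    'type=SYSCALL msg=audit(1353433762.310:372): syscall=59 success=yes ppid=20380 pid=20391 comm="cat" exe="/bin/cat"',
    'type=SYSCALL msg=audit(1353433763.005:373): syscall=59 success=yes ppid=1 pid=20400 comm="cron" exe="/usr/sbin/cron"',
    "type=VIRT_CONTROL msg=audit(1353433790.500:380): pid=20180 uid=0 msg='virt=lxc op=stop vm=\"busy\" res=success'",
    'type=SYSCALL msg=audit(1353433800.000:390): syscall=59 success=yes ppid=20372 pid=20500 comm="bash" exe="/bin/bash"',
]

if __name__ == "__main__":
    print(attribute(SAMPLE))
```

The outer `pid=20180` in the `VIRT_CONTROL` record is the libvirtd process that emitted it, so only `init-pid` is used as the root of the container's process tree.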
