
Re: [libvirt] [PATCH] Don't use O_TRUNC when opening QEMU logfiles



On Fri, Sep 21, 2012 at 10:39:19AM +0100, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange redhat com>
> 
> SELinux wants all log files opened with O_APPEND. When
> running non-root though, libvirtd likes to use O_TRUNC
> to avoid log files growing in size indefinitely. Instead
> of using O_TRUNC though, we can use O_APPEND and then
> call ftruncate() which keeps SELinux happier.

As far as I can see, although this patch doesn't break anything, it
doesn't fix the SELinux problem either.  SELinux still prevents qemu
from writing to the log.  The AVCs look the same as before:

type=AVC msg=audit(1348227948.158:14174): avc:  denied  { append } for  pid=13139 comm="qemu-kvm" path="/home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log" dev="dm-5" ino=1870215 scontext=unconfined_u:unconfined_r:svirt_t:s0:c69,c512 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
type=AVC msg=audit(1348227948.158:14174): avc:  denied  { append } for  pid=13139 comm="qemu-kvm" path="/home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log" dev="dm-5" ino=1870215 scontext=unconfined_u:unconfined_r:svirt_t:s0:c69,c512 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file

My test is to do:

killall libvirtd lt-libvirtd
../libvirt/run guestfish -a /dev/null -- config "-xxx" "xxx" : run

and then examine the ~/.cache/libvirt/qemu/log/guestfs-*.log to
see if the error message appears there.  The string
"qemu-kvm: -xxx: invalid option" ought to appear in the log file.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
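
Added example, not part of the original message or of libvirt: a small Python parser for AVC records like the ones quoted above, which reduces each denial to the source type, permission, target type and object class. The function names are hypothetical, and the sample input is the record from the message, repeated twice as it appears there.

```python
import re
import shlex
from collections import Counter

# The AVC record quoted in the message above; it appears twice there.
RECORD = ('type=AVC msg=audit(1348227948.158:14174): avc:  denied  { append } for  '
          'pid=13139 comm="qemu-kvm" '
          'path="/home/rjones/.cache/libvirt/qemu/log/guestfs-wd6efsxohmy5jd2s.log" '
          'dev="dm-5" ino=1870215 '
          'scontext=unconfined_u:unconfined_r:svirt_t:s0:c69,c512 '
          'tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file')
SAMPLE_LOG = RECORD + "\n" + RECORD + "\n"

AVC_RE = re.compile(r"msg=audit\((?P<time>[\d.]+):(?P<serial>\d+)\):\s+avc:\s+"
                    r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":", 3)
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC audit line into a dict, or return None if it is not an AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # shlex strips the double quotes around values such as comm and path.
    fields = dict(tok.split("=", 1) for tok in shlex.split(m.group("rest")) if "=" in tok)
    return {
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "path": fields.get("path"),
        "source_type": selinux_type(fields.get("scontext", "")),
        "target_type": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }

def summarize_denials(log_text):
    """Count denials per (source type, permission, target type, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["source_type"], perm, rec["target_type"], rec["tclass"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE_LOG).items():
        print(n, *key)
```

Run against the audit log before and after a change, the summary shows whether the set of denied (source type, permission, target type) tuples actually changed.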

