Bug 1227558 - No audit log when start a vm with iothreads
Summary: No audit log when start a vm with iothreads
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.2
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: John Ferlan
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-03 02:43 UTC by Luyao Huang
Modified: 2015-11-19 06:39 UTC (History)
7 users (show)

Fixed In Version: libvirt-1.2.17-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 06:39:55 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2202 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2015-11-19 08:17:58 UTC

Description Luyao Huang 2015-06-03 02:43:33 UTC
Description of problem:
No audit log when start a vm with iothreads

Version-Release number of selected component (if applicable):
libvirt-1.2.15-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Make sure auditing is enabled

2. prepare a vm with iothreads and start it:
# virsh iothreadinfo test3
 IOThread ID     CPU Affinity   
---------------------------------------------------
 2               0-3
 1               3

# virsh start test3
Domain test3 started

3. check the audit log

# ausearch -ts today -m VIRT_RESOURCE | grep 'iothread'
(no output)

Actual results:
No audit log when start a vm with iothreads

but have a log when hot add a iothread:

type=VIRT_RESOURCE msg=audit(1433298675.005:15889): pid=2578 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=iothread reason=update vm="test3" uuid=7347d748-f7ce-448f-8d49-3d29c9bcac30 old-iothread=2 new-iothread=3 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'

Expected results:
audit the iothread number started at domain startup time, like this:

type=VIRT_RESOURCE msg=audit(1433298675.005:15889): pid=2578 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=iothread reason=start vm="test3" uuid=7347d748-f7ce-448f-8d49-3d29c9bcac30 old-iothread=0 new-iothread=2 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'

Additional info:

This upstream commit could fix this issue:

commit 038a03c7a7492865c3e714b2d36cd9bde6bf5fc8
Author: Luyao Huang <lhuang@redhat.com>
Date:   Sun May 31 22:07:58 2015 +0800

    audit: Audit number of iothreads at domain startup
    
    If the domain has IOThreads defined, then audit the number started
    at domain startup time.
    
    Signed-off-by: Luyao Huang <lhuang@redhat.com>

v1.2.16-27-g038a03c

Comment 2 zhenfeng wang 2015-07-07 08:39:26 UTC
Verify this bug with libvirt-1.2.17-1.el7, the audit log about iothreads could be shown in ausearch output, however, didn't show in auvirt command, will this be acceptable? please help check it, thanks

1.Start a guest with iothread configured
#virsh dumpxml rhel7.0
--
  <iothreads>4</iothreads>
  <iothreadids>
    <iothread id='1'/>
    <iothread id='2'/>
    <iothread id='3'/>
    <iothread id='4'/>
  </iothreadids>

2.Start the guest, will fail to get the iothread info, thhe issue has been tracked by bug 1238589
# virsh iothreadinfo rhel7.0
error: Unable to get domain IOThreads information
error: Unable to encode message payload


3.check the audit log with ausearch command, could get the audit log about iothreads

# ausearch -ts today -m VIRT_RESOURCE | grep 'iothread'
type=VIRT_RESOURCE msg=audit(1436256617.284:46835): pid=5033 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=iothread reason=start vm="rhel7.0" uuid=322b9657-5616-4b5a-bfc8-a05475c2873e old-iothread=0 new-iothread=4 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'


4.Check the audit log with the auvirt command, couldn't see the iothreads in the output
# auvirt --all-events
--
res   rhel7.0                  	root       	Tue Jul  7 16:26                   	cgroup      	deny      	all		
res   rhel7.0                  	root       	Tue Jul  7 16:26                   	cgroup      	allow     	path	rw	/mnt/zhwang/img/vm3.qcow2
res   rhel7.0                  	root       	Tue Jul  7 16:26                   	cgroup      	allow     	major	rw	pty
res   rhel7.0                  	root       	Tue Jul  7 16:27                   	disk        	start     	/mnt/zhwang/img/vm3.qcow2
res   rhel7.0                  	root       	Tue Jul  7 16:27                   	net         	start     	"52:54:00:6e:35:dc"
res   rhel7.0                  	root       	Tue Jul  7 16:27                   	mem         	start     	1048576
res   rhel7.0                  	root       	Tue Jul  7 16:27                   	vcpu        	start     	2
start rhel7.0                  	root       	Tue Jul  7 16:27

Comment 3 John Ferlan 2015-07-09 13:23:04 UTC
I don't believe it matters, but that would perhaps be a question for whomever owns the auvirt command.  I'll note that iothreads are just thread resources associated with the qemu process.  There are a number of resources audited at startup (virDomainAuditStart) that I don't necessarily see in the auvirt list. But what I do see specifically called out seems to be host level resources (vcpu, mem, net, disk) rather than things like threads, sockets, files, etc.

Comment 4 zhenfeng wang 2015-08-03 02:40:18 UTC
Thanks John's response,then mark this bug verified and confirm the auvirt command's doubt in bug 982154

Comment 6 errata-xmlrpc 2015-11-19 06:39:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html


Note You need to log in before you can comment on or make changes to this bug.