Bug 710150 - Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect
Summary: Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: rc
: ---
Assignee: Eric Blake
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Duplicates: 712141
Depends On:
Blocks: 712141 728516
Reported: 2011-06-02 14:34 UTC by Daniel Berrangé
Modified: 2011-12-06 11:12 UTC

Fixed In Version: libvirt-0.9.2-1.el6
Doc Type: Bug Fix
Doc Text:
Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure. This bug has been fixed, and auditing of disk hot unplug operations now works as expected.
Clone Of:
: 710151 (view as bug list)
Environment:
Last Closed: 2011-12-06 11:12:26 UTC
Target Upstream Version:



Links
System: Red Hat Product Errata
ID: RHBA-2011:1513
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: libvirt bug fix and enhancement update
Last Updated: 2011-12-06 01:23:30 UTC

Description Daniel Berrangé 2011-06-02 14:34:37 UTC
Description of problem:

When doing hotunplug of a disk, we accidentally audit 'fail' in the successful path, and don't audit anything in the failure path. 

http://www.redhat.com/archives/libvir-list/2011-June/msg00083.html

Version-Release number of selected component (if applicable):
0.8.7-18.el6

How reproducible:
Always

Steps to Reproduce:
1. cat > tck.xml <<EOF
<domain type="qemu">
  <name>tck</name>
  <memory>65536</memory>
  <currentMemory>65536</currentMemory>
  <os>
    <type>hvm</type>
    <kernel>/var/cache/libvirt-tck/os-i686-hvm/vmlinuz</kernel>
    <initrd>/var/cache/libvirt-tck/os-i686-hvm/initrd</initrd>
  </os>
  <features>
    <acpi />
    <apic />
  </features>
  <devices>
    <disk type="file">
      <source file="/var/cache/libvirt-tck/os-i686-hvm/disk.img" />
      <target dev="vda" />
    </disk>
    <console type="pty" />
  </devices>
</domain>
EOF

2. cat > disk.xml <<EOF
<disk type="file">
  <source file="/var/cache/libvirt-tck/os-i686-hvm/disk.img" />
  <target dev="vda" />
</disk>
EOF
3. virsh create tck.xml
4. virsh detach-device tck disk.xml
5. # grep detach /var/log/audit/audit.log 
  
Actual results:
type=VIRT_RESOURCE msg=audit(1307025151.862:3365): user pid=27880 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=disk reason=detach vm="tck" uuid=dceb1d2d-3dd7-3222-129c-a44cd5f2ba69 old-disk="/var/cache/libvirt-tck/os-i686-hvm/disk.img" new-disk="?": exe="/usr/sbin/libvirtd.old" hostname=? addr=? terminal=pts/3 res=failed'


Expected results:
type=VIRT_RESOURCE msg=audit(1307025113.581:3317): user pid=27671 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=disk reason=detach vm="tck" uuid=f5d0a05d-a363-9669-8247-1c4370b3a324 old-disk="/var/cache/libvirt-tck/os-i686-hvm/disk.img" new-disk="?": exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/3 res=success'


Additional info:

Comment 2 Eric Blake 2011-06-02 20:35:37 UTC
RHEL 6.2 will pick this up automatically when rebasing to 0.9.2 or later, thanks to upstream:

commit 020342e68debddff641f70f87b5c6991c128648a
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Thu Jun 2 14:52:24 2011 +0100

    Fix auditing of disk hotunplug operations
    
    The qemuAuditDisk calls in disk hotunplug operations were being
    passed 'ret >= 0', but the code which sets ret to 0 was not yet
    executed, and the error path had already jumped to the 'cleanup'
    label. This meant hotunplug failures were never audited, and
    hotunplug success was audited as a failure
    
    * src/qemu/qemu_hotplug.c: Fix auditing of hotunplug
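
The control-flow mistake described in the commit message above, reduced to a self-contained C program. This is an added example, not libvirt's code and not the actual patch: `audit_disk_detach`, `detach_buggy`, `detach_fixed`, `audited` and the `op_rc` parameter are hypothetical stand-ins, and `detach_fixed` shows one way to correct the pattern.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the audit trail: the last result recorded. */
static enum audit_result { AUDIT_NONE, AUDIT_FAILED, AUDIT_SUCCESS } last_audit;

/* Hypothetical helper playing the role of qemuAuditDisk(). */
static void audit_disk_detach(bool success)
{
    last_audit = success ? AUDIT_SUCCESS : AUDIT_FAILED;
}

/* Buggy pattern: 'op_rc' is the assumed result of the unplug request. */
static int detach_buggy(int op_rc)
{
    int ret = -1;
    if (op_rc < 0)
        goto cleanup;              /* failure path never reaches the audit */
    audit_disk_detach(ret >= 0);   /* ret is still -1, so res=failed */
    ret = 0;
cleanup:
    return ret;
}

/* Corrected pattern: audit the operation's own result on both paths. */
static int detach_fixed(int op_rc)
{
    int ret = -1;
    audit_disk_detach(op_rc >= 0); /* recorded before any early exit */
    if (op_rc < 0)
        goto cleanup;
    ret = 0;
cleanup:
    return ret;
}

/* Run one variant and return what ended up in the audit trail. */
static enum audit_result audited(int (*fn)(int), int op_rc)
{
    last_audit = AUDIT_NONE;
    (void)fn(op_rc);
    return last_audit;
}

int main(void)
{
    printf("buggy: ok=%d fail=%d\n", audited(detach_buggy, 0), audited(detach_buggy, -1));
    printf("fixed: ok=%d fail=%d\n", audited(detach_fixed, 0), audited(detach_fixed, -1));
    return 0;
}
```

In the buggy variant a successful detach yields `AUDIT_FAILED` and a failed detach yields `AUDIT_NONE`, which matches the `res=failed` record under "Actual results" and the missing record on the failure path.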

Comment 3 Eric Blake 2011-06-02 20:42:50 UTC
Additionally, this patch is ready for 6.1.z once the z-stream bz is created:
http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-June/msg00030.html

Comment 5 Daniel Veillard 2011-06-23 03:38:06 UTC
This should be fixed by the libvirt-0.9.2-1.el6 rebase

Comment 6 weizhang 2011-07-04 10:23:04 UTC
Verification passed on
libvirt-0.9.2-1.el6.x86_64
kernel-2.6.32-156.el6.x86_64
qemu-kvm-0.12.1.2-2.165.el6.x86_64

The steps are as the Description shows.

Comment 8 Rita Wu 2011-07-06 10:23:59 UTC
Set it as VERIFIED per comment 6

Comment 9 Eric Blake 2011-08-08 17:21:41 UTC
*** Bug 712141 has been marked as a duplicate of this bug. ***

Comment 10 Eric Blake 2011-08-08 17:23:06 UTC
Two 6.1.z-stream bugs were filed against this; bug 712141 was later reassigned back to 6.2, so only bug 728516 remains to track the fix in 6.1.z.

Comment 11 Tomas Capek 2011-08-18 13:59:33 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure. This bug has been fixed, and auditing of disk hot unplug operations now works as expected.

Comment 12 errata-xmlrpc 2011-12-06 11:12:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html

