Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 710151 - Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect
Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: libvirt (Show other bugs)
5.6
Unspecified Unspecified
urgent Severity high
: rc
: ---
Assigned To: Eric Blake
Virtualization Bugs
: ZStream
Depends On:
Blocks: 713444 713446
  Show dependency treegraph
 
Reported: 2011-06-02 10:36 EDT by Daniel Berrange
Modified: 2011-07-21 06:31 EDT (History)
8 users (show)

See Also:
Fixed In Version: libvirt-0.8.2-22.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 710150
Environment:
Last Closed: 2011-07-21 06:31:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1019 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2011-07-21 06:31:00 EDT

  None (edit)
Description Daniel Berrange 2011-06-02 10:36:03 EDT 
+++ This bug was initially created as a clone of Bug #710150 +++

Description of problem:

When doing hotunplug of a disk, we accidentally audit 'fail' in the successful path, and don't audit anything in the failure path. 

http://www.redhat.com/archives/libvir-list/2011-June/msg00083.html

Version-Release number of selected component (if applicable):
0.8.7-18.el6

How reproducible:
Always

Steps to Reproduce:
1. cat > tck.xml <<EOF
<domain type="qemu">
  <name>tck</name>
  <memory>65536</memory>
  <currentMemory>65536</currentMemory>
  <os>
    <type>hvm</type>
    <kernel>/var/cache/libvirt-tck/os-i686-hvm/vmlinuz</kernel>
    <initrd>/var/cache/libvirt-tck/os-i686-hvm/initrd</initrd>
  </os>
  <features>
    <acpi />
    <apic />
  </features>
  <devices>
    <disk type="file">
      <source file="/var/cache/libvirt-tck/os-i686-hvm/disk.img" />
      <target dev="vda" />
    </disk>
    <console type="pty" />
  </devices>
</domain>
EOF

2. cat > disk.xml <<EOF
  <disk type="file">
      <source file="/var/cache/libvirt-tck/os-i686-hvm/disk.img" />
      <target dev="vda" />
    </disk>
EOF
3. virsh create tck.xml
4. virsh detach-device tck disk.xml
5. # grep detach /var/log/audit/audit.log 
  
Actual results:
type=VIRT_RESOURCE msg=audit(1307025151.862:3365): user pid=27880 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=disk reason=detach vm="tck" uuid=dceb1d2d-3dd7-3222-129c-a44cd5f2ba69 old-disk="/var/cache/libvirt-tck/os-i686-hvm/disk.img" new-disk="?": exe="/usr/sbin/libvirtd.old" hostname=? addr=? terminal=pts/3 res=failed'


Expected results:
type=VIRT_RESOURCE msg=audit(1307025113.581:3317): user pid=27671 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=disk reason=detach vm="tck" uuid=f5d0a05d-a363-9669-8247-1c4370b3a324 old-disk="/var/cache/libvirt-tck/os-i686-hvm/disk.img" new-disk="?": exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/3 res=success'


Additional info:
Comment 1 Eric Blake 2011-06-02 17:20:04 EDT 
In POST for 5.8; the same patch should work without issues for 5.7.z and 5.6.z once the z-stream bz's are cloned:
http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-June/msg00031.html
Comment 7 dyuan 2011-06-30 01:50:53 EDT 
kernel-2.6.18-269.el5
kvm-83-238.el5

Reproduced this bug with libvirt-0.8.2-15.el5(RHEL5.6).
Cann't be reproduced with libvirt-0.8.2-20.el5(RHEL5.7).
Verified pass with libvirt-0.8.2-22.el5.
Comment 8 errata-xmlrpc 2011-07-21 06:31:35 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1019.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.