+++ This bug was initially created as a clone of Bug #710150 +++ Description of problem: When doing hotunplug of a disk, we accidentally audit 'fail' in the successful path, and don't audit anything in the failure path. http://www.redhat.com/archives/libvir-list/2011-June/msg00083.html Version-Release number of selected component (if applicable): 0.8.7-18.el6 How reproducible: Always Steps to Reproduce: 1. cat > tck.xml <<EOF <domain type="qemu"> <name>tck</name> <memory>65536</memory> <currentMemory>65536</currentMemory> <os> <type>hvm</type> <kernel>/var/cache/libvirt-tck/os-i686-hvm/vmlinuz</kernel> <initrd>/var/cache/libvirt-tck/os-i686-hvm/initrd</initrd> </os> <features> <acpi /> <apic /> </features> <devices> <disk type="file"> <source file="/var/cache/libvirt-tck/os-i686-hvm/disk.img" /> <target dev="vda" /> </disk> <console type="pty" /> </devices> </domain> EOF 2. cat > disk.xml <<EOF <disk type="file"> <source file="/var/cache/libvirt-tck/os-i686-hvm/disk.img" /> <target dev="vda" /> </disk> EOF 3. virsh create tck.xml 4. virsh detach-device tck disk.xml 5. # grep detach /var/log/audit/audit.log Actual results: type=VIRT_RESOURCE msg=audit(1307025151.862:3365): user pid=27880 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=disk reason=detach vm="tck" uuid=dceb1d2d-3dd7-3222-129c-a44cd5f2ba69 old-disk="/var/cache/libvirt-tck/os-i686-hvm/disk.img" new-disk="?": exe="/usr/sbin/libvirtd.old" hostname=? addr=? terminal=pts/3 res=failed' Expected results: type=VIRT_RESOURCE msg=audit(1307025113.581:3317): user pid=27671 uid=0 auid=0 ses=10 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=disk reason=detach vm="tck" uuid=f5d0a05d-a363-9669-8247-1c4370b3a324 old-disk="/var/cache/libvirt-tck/os-i686-hvm/disk.img" new-disk="?": exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/3 res=success' Additional info:
In POST for 5.8; the same patch should work without issues for 5.7.z and 5.6.z once the z-stream bz's are cloned: http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-June/msg00031.html
kernel-2.6.18-269.el5 kvm-83-238.el5 Reproduced this bug with libvirt-0.8.2-15.el5(RHEL5.6). Cann't be reproduced with libvirt-0.8.2-20.el5(RHEL5.7). Verified pass with libvirt-0.8.2-22.el5.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-1019.html