Bug 922186 - Cgroup audit events with path are not escaped
Cgroup audit events with path are not escaped
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libvirt (Show other bugs)
18
Unspecified Unspecified
high Severity medium
: ---
: ---
Assigned To: Eric Blake
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 922203
  Show dependency treegraph
 
Reported: 2013-03-15 13:06 EDT by Steve Grubb
Modified: 2013-05-28 20:51 EDT (History)
10 users (show)

See Also:
Fixed In Version: libvirt-0.10.2.5-1.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 922203 (view as bug list)
Environment:
Last Closed: 2013-05-28 20:51:13 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2013-03-15 13:06:06 EDT
Description of problem:
Cgroup assignment events with path are not escaped like in other places. For example, this one is bad:

type=VIRT_RESOURCE msg=audit(1363276478.481:2935): pid=1993 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=cgroup reason=allow vm="rawhide-builder" uuid=f5eed9fe-5226-c751-3946-26c01619aa71 cgroup="/sys/fs/cgroup/devices/libvirt/qemu/rawhide-builder/" class=path path=/dev/hpet rdev=0A:E4 acl=rw exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'

As compared to this good event:

type=VIRT_RESOURCE msg=audit(1363276478.580:2938): pid=1993 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=net reason=open vm="rawhide-builder" uuid=f5eed9fe-5226-c751-3946-26c01619aa71 net=52:54:00:5D:63:CE path="/dev/vhost-net" rdev=0A:EE exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'

Version-Release number of selected component (if applicable):
libvirt-0.10.2.3-1.fc18.x86_64

How reproducible:
ausearch --start this week

Steps to Reproduce:
1. Run a vm
2. ausearch --start recent -m VIRT_RESOURCE -i  | grep cgroup | grep '^/dev'

  
Actual results:
Nothing

Expected results:
Events
Comment 2 Eric Blake 2013-04-19 13:37:25 EDT
(In reply to comment #0)

> Steps to Reproduce:
> 1. Run a vm
> 2. ausearch --start recent -m VIRT_RESOURCE -i  | grep cgroup | grep '^/dev'

Rather, ausearch --start recent -m VIRT_RESOURCE -i  | grep cgroup | grep 'path=/dev'

Fix proposed here:
https://www.redhat.com/archives/libvir-list/2013-April/msg01508.html
Comment 3 Eric Blake 2013-04-22 16:45:45 EDT
Backported to v0.10.2-maint; next build will pick this up:
commit 31c6bf35b9d9de04158318658f4fbf6a9e54ff28
Author: Eric Blake <eblake@redhat.com>
Date:   Fri Apr 19 11:30:44 2013 -0600

    audit: properly encode device path in cgroup audit
    
    https://bugzilla.redhat.com/show_bug.cgi?id=922186
    
    Commit d04916fa introduced a regression in audit quality - even
    though the code was computing the proper escaped name for a
    path, it wasn't feeding that escaped name on to the audit message.
    As a result, /var/log/audit/audit.log would mention a pair of
    fields class=path path=/dev/hpet instead of the intended
    class=path path="/dev/hpet", which in turn caused ausearch to
    format the audit log with path=(null).
    
    * src/conf/domain_audit.c (virDomainAuditCgroupPath): Use
    constructed encoding.
    
    Signed-off-by: Eric Blake <eblake@redhat.com>
Comment 4 Fedora Update System 2013-05-19 19:17:58 EDT
libvirt-0.10.2.5-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/libvirt-0.10.2.5-1.fc18
Comment 5 Fedora Update System 2013-05-21 04:26:54 EDT
Package libvirt-0.10.2.5-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libvirt-0.10.2.5-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-8681/libvirt-0.10.2.5-1.fc18
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-05-28 20:51:13 EDT
libvirt-0.10.2.5-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.