audit: Log only an info message if audit_level < 2 and audit is not supported

Replace the error message during startup of libvirtd with an info message if audit_level < 2 and audit is not supported by the kernel. Audit is not supported by the current kernel if the kernel does not have audit compiled in or if audit is disabled (e.g. by the kernel cmdline). Signed-off-by: N Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: N Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>

audit: Log only an info message if audit_level < 2 and audit is not supported
Replace the error message during startup of libvirtd with an info message if audit_level < 2 and audit is not supported by the kernel. Audit is not supported by the current kernel if the kernel does not have audit compiled in or if audit is disabled (e.g. by the kernel cmdline). Signed-off-by: N Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: N Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>
4199c2f2 · Marc Hartmayer · Michal Privoznik · fbe32b78 · 4199c2f2 · 4199c2f2
隐藏空白更改
内联并排

Showing with 16 addition and 4 deletion

daemon/libvirtd.c daemon/libvirtd.c +1 -1

src/util/viraudit.c src/util/viraudit.c +14 -2

src/util/viraudit.h src/util/viraudit.h +1 -1

未找到文件。
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1422,7 +1422,7 @@ int main(int argc, char **argv) {

    if (config->audit_level) {
        VIR_DEBUG("Attempting to configure auditing subsystem");
-        if (virAuditOpen() < 0) {
+        if (virAuditOpen(config->audit_level) < 0) {
            if (config->audit_level > 1) {
                ret = VIR_DAEMON_ERR_AUDIT;
                goto cleanup;

--- a/src/util/viraudit.c
+++ b/src/util/viraudit.c
@@ -55,11 +55,23 @@ static int auditfd = -1;
 #endif
 static bool auditlog;

-int virAuditOpen(void)
+int virAuditOpen(unsigned int audit_level ATTRIBUTE_UNUSED)
 {
 #if WITH_AUDIT
    if ((auditfd = audit_open()) < 0) {
-        virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+        /* You get these error codes only when the kernel does not
+         * have audit compiled in or it's disabled (e.g. by the kernel
+         * cmdline) */
+        if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+            errno == EAFNOSUPPORT) {
+            if (audit_level < 2)
+                VIR_INFO("Audit is not supported by the kernel");
+            else
+                virReportError(VIR_FROM_THIS, "%s", _("Audit is not supported by the kernel"));
+        } else {
+            virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+        }
+
        return -1;
    }


--- a/src/util/viraudit.h
+++ b/src/util/viraudit.h
@@ -32,7 +32,7 @@ typedef enum {
    VIR_AUDIT_RECORD_RESOURCE,
 } virAuditRecordType;

-int virAuditOpen(void);
+int virAuditOpen(unsigned int audit_level);

 void virAuditLog(bool enabled);