From 4199c2f221cf581f7a4258320a8eecd11a44babf Mon Sep 17 00:00:00 2001
From: Marc Hartmayer
Date: Wed, 13 Dec 2017 11:56:13 +0100
Subject: [PATCH] audit: Log only an info message if audit_level < 2 and audit is not supported

Replace the error message during startup of libvirtd with an info message if audit_level < 2 and audit is not supported by the kernel. Audit is not supported by the current kernel if the kernel does not have audit compiled in or if audit is disabled (e.g. by the kernel cmdline).

Signed-off-by: Marc Hartmayer
Reviewed-by: Boris Fiuczynski
Signed-off-by: Michal Privoznik
---
 daemon/libvirtd.c | 2 +-
 src/util/viraudit.c | 16 ++++++++++++++--
 src/util/viraudit.h | 2 +-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 5103e8debe..6d3b83355b 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1422,7 +1422,7 @@ int main(int argc, char **argv) {
 
 if (config->audit_level) {
 VIR_DEBUG("Attempting to configure auditing subsystem");
- if (virAuditOpen() < 0) {
+ if (virAuditOpen(config->audit_level) < 0) {
 if (config->audit_level > 1) {
 ret = VIR_DAEMON_ERR_AUDIT;
 goto cleanup;
diff --git a/src/util/viraudit.c b/src/util/viraudit.c
index 17e58b3a95..0085dc37be 100644
--- a/src/util/viraudit.c
+++ b/src/util/viraudit.c
@@ -55,11 +55,23 @@ static int auditfd = -1;
 #endif
 static bool auditlog;
 
-int virAuditOpen(void)
+int virAuditOpen(unsigned int audit_level ATTRIBUTE_UNUSED)
 {
 #if WITH_AUDIT
 if ((auditfd = audit_open()) < 0) {
- virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+ /* You get these error codes only when the kernel does not
+ * have audit compiled in or it's disabled (e.g. by the kernel
+ * cmdline) */
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT) {
+ if (audit_level < 2)
+ VIR_INFO("Audit is not supported by the kernel");
+ else
+ virReportError(VIR_FROM_THIS, "%s", _("Audit is not supported by the kernel"));
+ } else {
+ virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+ }
+
 return -1;
 }
 
diff --git a/src/util/viraudit.h b/src/util/viraudit.h
index ed3d66ab5d..478dc8408f 100644
--- a/src/util/viraudit.h
+++ b/src/util/viraudit.h
@@ -32,7 +32,7 @@ typedef enum {
 VIR_AUDIT_RECORD_RESOURCE,
 } virAuditRecordType;
 
-int virAuditOpen(void);
+int virAuditOpen(unsigned int audit_level);
 
 void virAuditLog(bool enabled);
 
-- 
GitLab
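Review bot: In `virAuditOpen()` (src/util/viraudit.c) the added `virReportError(VIR_FROM_THIS, "%s", ...)` passes the error-domain constant as its first argument, whereas that macro normally takes a `virErrorNumber` code and supplies the domain itself (its definition is not part of this diff, so please confirm). As written, the reported error would likely carry an unrelated numeric code; an explicit code such as `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Audit is not supported by the kernel"));` states the intent. Separately, with `audit_level` below 2 the only trace that the daemon runs without kernel auditing is now an info-level message, which the configured log level may filter out. The function would benefit from a comment such as `/* audit_level < 2: missing kernel audit support is logged at info level only; deployments that must not run unaudited need audit_level 2 */`. The body of `virAuditOpen()` continues past the end of the hunk.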