On 11/12/2015 12:19 PM, Daniel P. Berrange wrote:
Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr.
This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- cfg.mk | 2 +- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 15 ++++ src/qemu/qemu_conf.c | 18 +++++ src/qemu/qemu_conf.h | 1 + src/qemu/qemu_domain.c | 153 ++++++++++++++++++++++++++----------- src/qemu/test_libvirtd_qemu.aug.in | 1 + 7 files changed, 145 insertions(+), 46 deletions(-)
ACK John