Based on an upstream discussion, reporting the errno is useful for the
user to know why audit isn't supported. Even though having an error in
the logs might look concerning when 'audit_log=1', it also denotes that
audit is only going to be used if it's available, continuing normally
if it's unavailable for whatever reason.
Partially reverts commit 4199c2f221c.
https://bugzilla.redhat.com/show_bug.cgi?id=1596119
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
src/remote/remote_daemon.c | 2 +-
src/util/viraudit.c | 16 ++--------------
src/util/viraudit.h | 2 +-
3 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index 3be3ad02fc..ededef97b4 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -1380,7 +1380,7 @@ int main(int argc, char **argv) {
if (config->audit_level) {
VIR_DEBUG("Attempting to configure auditing subsystem");
- if (virAuditOpen(config->audit_level) < 0) {
+ if (virAuditOpen() < 0) {
if (config->audit_level > 1) {
ret = VIR_DAEMON_ERR_AUDIT;
goto cleanup;
diff --git a/src/util/viraudit.c b/src/util/viraudit.c
index a02e5b36fd..135d0e626a 100644
--- a/src/util/viraudit.c
+++ b/src/util/viraudit.c
@@ -54,23 +54,11 @@ static int auditfd = -1;
#endif
static bool auditlog;
-int virAuditOpen(unsigned int audit_level ATTRIBUTE_UNUSED)
+int virAuditOpen(void)
{
#if WITH_AUDIT
if ((auditfd = audit_open()) < 0) {
- /* You get these error codes only when the kernel does not
- * have audit compiled in or it's disabled (e.g. by the kernel
- * cmdline) */
- if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT) {
- if (audit_level < 2)
- VIR_INFO("Audit is not supported by the kernel");
- else
- virReportError(VIR_FROM_THIS, "%s", _("Audit is not
supported by the kernel"));
- } else {
- virReportSystemError(errno, "%s", _("Unable to initialize
audit layer"));
- }
-
+ virReportSystemError(errno, "%s", _("Unable to initialize audit
layer"));
return -1;
}
diff --git a/src/util/viraudit.h b/src/util/viraudit.h
index 66605b16b5..7fbc28ba9b 100644
--- a/src/util/viraudit.h
+++ b/src/util/viraudit.h
@@ -31,7 +31,7 @@ typedef enum {
VIR_AUDIT_RECORD_RESOURCE,
} virAuditRecordType;
-int virAuditOpen(unsigned int audit_level);
+int virAuditOpen(void);
void virAuditLog(bool enabled);
--
2.20.1