On Wed, Apr 08, 2026 at 00:10:37 -0400, Laine Stump via Devel wrote:
From: Laine Stump <laine@redhat.com>
As libvirt is used more and more in unprivileged/session mode, file/socket permission errors have become more common. This patch adds the username and uid of the process to the line in the log banner (the first thing sent to every log target after the process starts) that previously just gave the hostname.
We can expand on this idea to include more generally useful info about the environment we're running in. (We just need to remember that in this context we can't call anything that could lead to recursively calling the logging system (i.e. we can't call any code that reports an error, or a VIR_WARN, etc))
^^^^^ ...
Signed-off-by: Laine Stump <laine@redhat.com> ---
V2: removed all the "unprivileged/session mode" stuff as suggested by Daniel. Now we just add user and uid to the existing hostname line
src/util/virlog.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/util/virlog.c b/src/util/virlog.c index cab23f613f..ccdf66c396 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c @@ -526,16 +526,18 @@ virLogToOneTarget(virLogSource *source, bool *needInit) { if (*needInit) { + uid_t uid = geteuid(); + g_autofree char *username = virGetUserName(uid);
... 'virGetUserName' calls 'virGetUserEnt' with the 'quiet' argument being false, which makes it report errors via 'virReportSystemError' contradicting the above statement ...
g_autofree char *hoststr = NULL;
/* put some useful info at the top of the log. Avoid calling * any function that might end up reporting an error or * otherwise logging something, to prevent recursion. */ - virLogOneInitMsg(timestamp, VIR_LOG_VERSION_STRING, outputFunc, data);
- hoststr = g_strdup_printf("hostname: %s", g_get_host_name()); + hoststr = g_strdup_printf("hostname: %s, user: %s, uid: %u", + g_get_host_name(), username, uid);
... as well as username may be NULL here. The latter can be fixed by using NULLSTR(username) here, but the former will require exporting another wrapper over 'virGetUserEnt'. But I'd perhaps just suggest logging the UID, the username itself isn't IMO really that importahnt. Also in instances where uid_t/gid_t is used with printf we tend to use typecast to either (long) or (int). I'm not sure which platforms would have different uid_t but either consider using typecases such asi in the DAC security driver: src/security/security_dac.c- VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " src/security/security_dac.c- "permitted", src/security/security_dac.c: (long)uid, (long)gid, NULLSTR(path)); and/or make sure to run it through CI .
virLogOneInitMsg(timestamp, hoststr, outputFunc, data);
Reviewed-by: Peter Krempa <pkrempa@redhat.com>