3:19 p.m.
Hi Everyone
I am running libvirt with selinux driver under unprivileged user and the
Guest.log file is not written into /var/log/libvirt/qemu/Guest.log but
remains in Home Directory/.cache/libvirt/qemu/log/Guest.log.
Does anyone know why its not writing to the required log location.
Thanks
Regards,
Richa Marwaha
LTC Security
Email address:rmarwah@us.ibm.com
3:32 p.m.
On 08/23/2012 02:19 PM, Richa Marwaha wrote:
Hi Everyone
I am running libvirt with selinux driver under unprivileged user and the
Guest.log file is not written into /var/log/libvirt/qemu/Guest.log but
remains in Home Directory/.cache/libvirt/qemu/log/Guest.log.
Does anyone know why its not writing to the required log location.
That _is_ the desired default location for qemu:///session, and can be
further tuned by setting appropriate values for XDG_CONFIG_DIR
(defaulting to $HOME/.config) and contents of
$XDG_CONFIG_DIR/libvirt/libvirtd.conf (set the log_outputs config
variable). Only qemu:///system (for privileged users) has permissions
to write into /var/log.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
3:39 p.m.
Eric Blake <eblake(a)redhat.com> wrote on 08/23/2012 04:32:02 PM:
From:
Eric Blake <eblake(a)redhat.com>
To:
Richa Marwaha/Silicon Valley/IBM@IBMUS
Cc:
libvir-list(a)redhat.com
Date:
08/23/2012 04:32 PM
Subject:
Re: [libvirt] Guest log getting written in cache directory rather /
var/log/libvirt/qemu
On 08/23/2012 02:19 PM, Richa Marwaha wrote:
>
> Hi Everyone
>
> I am running libvirt with selinux driver under unprivileged user and
the
> Guest.log file is not written into
/var/log/libvirt/qemu/Guest.log but
> remains in Home Directory/.cache/libvirt/qemu/log/Guest.log.
> Does anyone know why its not writing to the required log location.
That _is_ the desired default location for qemu:///session, and can be
further tuned by setting appropriate values for XDG_CONFIG_DIR
(defaulting to $HOME/.config) and contents of
$XDG_CONFIG_DIR/libvirt/libvirtd.conf (set the log_outputs config
variable). Only qemu:///system (for privileged users) has permissions
to write into /var/log.
Thanks a lot Eric for the information.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[attachment "signature.asc" deleted by Richa Marwaha/Silicon Valley/IBM]
4:09 p.m.
Eric Blake <eblake(a)redhat.com> wrote on 08/23/2012 04:32:02 PM:
From:
Eric Blake <eblake(a)redhat.com>
To:
Richa Marwaha/Silicon Valley/IBM@IBMUS
Cc:
libvir-list(a)redhat.com
Date:
08/23/2012 04:32 PM
Subject:
Re: [libvirt] Guest log getting written in cache directory rather /
var/log/libvirt/qemu
On 08/23/2012 02:19 PM, Richa Marwaha wrote:
>
> Hi Everyone
>
> I am running libvirt with selinux driver under unprivileged user and
the
> Guest.log file is not written into
/var/log/libvirt/qemu/Guest.log but
> remains in Home Directory/.cache/libvirt/qemu/log/Guest.log.
> Does anyone know why its not writing to the required log location.
That _is_ the desired default location for qemu:///session, and can be
further tuned by setting appropriate values for XDG_CONFIG_DIR
(defaulting to $HOME/.config) and contents of
$XDG_CONFIG_DIR/libvirt/libvirtd.conf (set the log_outputs config
variable). Only qemu:///system (for privileged users) has permissions
to write into /var/log.
I have another question shouldn't the label of
HomeDirectory/.cache/libvirt/qemu/log/Guest.log be virt_log_t instead of
cache_home_t as I am getting the following denial for qemu-kvm when I am
running the guest
type=AVC msg=audit(1345648423.091:575): avc: denied { write } for
pid=29234 comm="qemu-kvm"
path="/home/richa/.cache/libvirt/qemu/log/F14_64.log" dev="dm-2"
ino=15204923 scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891
tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
type=SYSCALL msg=audit(1345648423.091:575): arch=c000003e syscall=59
success=yes exit=0 a0=7f8458003060 a1=7f8458003a10 a2=7f84580029a0
a3=7f8473d2d850 items=0 ppid=1 pid=29234 auid=1000 uid=1000 gid=1000
euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none)
ses=2 comm="qemu-kvm" exe="/usr/bin/qemu-kvm"
subj=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 key=(null)
type=AVC msg=audit(1345648423.097:576): avc: denied { write } for
pid=29234 comm="qemu-kvm" name="lib" dev="dm-2"
ino=15204904
scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891
tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir
Regards
Richa
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[attachment "signature.asc" deleted by Richa Marwaha/Silicon Valley/IBM]
4:18 p.m.
On 08/23/2012 03:09 PM, Richa Marwaha wrote:
I have another question shouldn't the label of
HomeDirectory/.cache/libvirt/qemu/log/Guest.log be virt_log_t instead of
cache_home_t as I am getting the following denial for qemu-kvm when I am
running the guest
type=AVC msg=audit(1345648423.091:575): avc: denied { write } for
pid=29234 comm="qemu-kvm"
path="/home/richa/.cache/libvirt/qemu/log/F14_64.log" dev="dm-2"
ino=15204923 scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891
tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
type=SYSCALL msg=audit(1345648423.091:575): arch=c000003e syscall=59
success=yes exit=0 a0=7f8458003060 a1=7f8458003a10 a2=7f84580029a0
a3=7f8473d2d850 items=0 ppid=1 pid=29234 auid=1000 uid=1000 gid=1000
euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none)
ses=2 comm="qemu-kvm" exe="/usr/bin/qemu-kvm"
subj=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 key=(null)
type=AVC msg=audit(1345648423.097:576): avc: denied { write } for
pid=29234 comm="qemu-kvm" name="lib" dev="dm-2"
ino=15204904
scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891
tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir
Sounds like a bug in the default Fedora SELinux policy - please open a BZ.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4474
days inactive
4474
days old
4 comments
2 participants
participants (2)
-
Eric Blake -
Richa Marwaha