[libvirt] Guest log getting written in cache directory rather /var/log/libvirt/qemu
Hi Everyone I am running libvirt with selinux driver under unprivileged user and the Guest.log file is not written into /var/log/libvirt/qemu/Guest.log but remains in Home Directory/.cache/libvirt/qemu/log/Guest.log. Does anyone know why its not writing to the required log location. Thanks Regards, Richa Marwaha LTC Security Email address:rmarwah@us.ibm.com
On 08/23/2012 02:19 PM, Richa Marwaha wrote:
Hi Everyone
I am running libvirt with selinux driver under unprivileged user and the Guest.log file is not written into /var/log/libvirt/qemu/Guest.log but remains in Home Directory/.cache/libvirt/qemu/log/Guest.log. Does anyone know why its not writing to the required log location.
That _is_ the desired default location for qemu:///session, and can be further tuned by setting appropriate values for XDG_CONFIG_DIR (defaulting to $HOME/.config) and contents of $XDG_CONFIG_DIR/libvirt/libvirtd.conf (set the log_outputs config variable). Only qemu:///system (for privileged users) has permissions to write into /var/log. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
From:
Eric Blake <eblake@redhat.com>
To:
Richa Marwaha/Silicon Valley/IBM@IBMUS
Cc:
libvir-list@redhat.com
Date:
08/23/2012 04:32 PM
Subject:
Re: [libvirt] Guest log getting written in cache directory rather / var/log/libvirt/qemu
On 08/23/2012 02:19 PM, Richa Marwaha wrote:
Hi Everyone
I am running libvirt with selinux driver under unprivileged user and
Eric Blake <eblake@redhat.com> wrote on 08/23/2012 04:32:02 PM: the
Guest.log file is not written into /var/log/libvirt/qemu/Guest.log but remains in Home Directory/.cache/libvirt/qemu/log/Guest.log. Does anyone know why its not writing to the required log location.
That _is_ the desired default location for qemu:///session, and can be further tuned by setting appropriate values for XDG_CONFIG_DIR (defaulting to $HOME/.config) and contents of $XDG_CONFIG_DIR/libvirt/libvirtd.conf (set the log_outputs config variable). Only qemu:///system (for privileged users) has permissions to write into /var/log.
Thanks a lot Eric for the information.
-- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
[attachment "signature.asc" deleted by Richa Marwaha/Silicon Valley/IBM]
From:
Eric Blake <eblake@redhat.com>
To:
Richa Marwaha/Silicon Valley/IBM@IBMUS
Cc:
libvir-list@redhat.com
Date:
08/23/2012 04:32 PM
Subject:
Re: [libvirt] Guest log getting written in cache directory rather / var/log/libvirt/qemu
On 08/23/2012 02:19 PM, Richa Marwaha wrote:
Hi Everyone
I am running libvirt with selinux driver under unprivileged user and
Eric Blake <eblake@redhat.com> wrote on 08/23/2012 04:32:02 PM: the
Guest.log file is not written into /var/log/libvirt/qemu/Guest.log but remains in Home Directory/.cache/libvirt/qemu/log/Guest.log. Does anyone know why its not writing to the required log location.
That _is_ the desired default location for qemu:///session, and can be further tuned by setting appropriate values for XDG_CONFIG_DIR (defaulting to $HOME/.config) and contents of $XDG_CONFIG_DIR/libvirt/libvirtd.conf (set the log_outputs config variable). Only qemu:///system (for privileged users) has permissions to write into /var/log.
I have another question shouldn't the label of HomeDirectory/.cache/libvirt/qemu/log/Guest.log be virt_log_t instead of cache_home_t as I am getting the following denial for qemu-kvm when I am running the guest type=AVC msg=audit(1345648423.091:575): avc: denied { write } for pid=29234 comm="qemu-kvm" path="/home/richa/.cache/libvirt/qemu/log/F14_64.log" dev="dm-2" ino=15204923 scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file type=SYSCALL msg=audit(1345648423.091:575): arch=c000003e syscall=59 success=yes exit=0 a0=7f8458003060 a1=7f8458003a10 a2=7f84580029a0 a3=7f8473d2d850 items=0 ppid=1 pid=29234 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 key=(null) type=AVC msg=audit(1345648423.097:576): avc: denied { write } for pid=29234 comm="qemu-kvm" name="lib" dev="dm-2" ino=15204904 scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir Regards Richa
-- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
[attachment "signature.asc" deleted by Richa Marwaha/Silicon Valley/IBM]
On 08/23/2012 03:09 PM, Richa Marwaha wrote:
I have another question shouldn't the label of HomeDirectory/.cache/libvirt/qemu/log/Guest.log be virt_log_t instead of cache_home_t as I am getting the following denial for qemu-kvm when I am running the guest
type=AVC msg=audit(1345648423.091:575): avc: denied { write } for pid=29234 comm="qemu-kvm" path="/home/richa/.cache/libvirt/qemu/log/F14_64.log" dev="dm-2" ino=15204923 scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file type=SYSCALL msg=audit(1345648423.091:575): arch=c000003e syscall=59 success=yes exit=0 a0=7f8458003060 a1=7f8458003a10 a2=7f84580029a0 a3=7f8473d2d850 items=0 ppid=1 pid=29234 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 key=(null) type=AVC msg=audit(1345648423.097:576): avc: denied { write } for pid=29234 comm="qemu-kvm" name="lib" dev="dm-2" ino=15204904 scontext=unconfined_u:unconfined_r:svirt_t:s0:c658,c891 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir
Sounds like a bug in the default Fedora SELinux policy - please open a BZ. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
participants (2)
-
Eric Blake -
Richa Marwaha