https://bugzilla.redhat.com/show_bug.cgi?id=922186 Commit d04916fa introduced a regression in audit quality - even though the code was computing the proper escaped name for a path, it wasn't feeding that escaped name on to the audit message. As a result, /var/log/audit/audit.log would mention a field path=/dev/hpet instead of the intended path="/dev/hpet", which in turn caused ausearch to format the audit log as path=(null). * src/conf/domain_audit.c (virDomainAuditCgroupPath): Use constructed encoding. Signed-off-by: Eric Blake <eblake(a)redhat.com&gt; --- A rather embarrassing bug of mine, especially since it took two years to find that such a trivial fix was needed. src/conf/domain_audit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 85d97b4..6d0ae48 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -1,7 +1,7 @@ /* * domain_audit.c: Domain audit management * - * Copyright (C) 2006-2012 Red Hat, Inc. + * Copyright (C) 2006-2013 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange * * This library is free software; you can redistribute it and/or @@ -682,8 +682,8 @@ virDomainAuditCgroupPath(virDomainObjPtr vm, virCgroupPtr cgroup, rdev = virDomainAuditGetRdev(path); if (!(detail = virAuditEncode("path", path)) || - virAsprintf(&extra, "path path=%s rdev=%s acl=%s", - path, VIR_AUDIT_STR(rdev), perms) < 0) { + virAsprintf(&extra, "path %s rdev=%s acl=%s", + detail, VIR_AUDIT_STR(rdev), perms) < 0) { VIR_WARN("OOM while encoding audit message"); goto cleanup; }