And also I heard that there is support of a SElinux driver..
2018-05-07 12:41 GMT+03:00 Anastasiya Ruzhanskaya <
anastasiya.ruzhanskaya(a)frtk.ru>:
Hi, I wanted just to ask an additional question to that:
how then here in the polkit documentation you distinguish users?:
Consider a local user berrange who has been granted permission to connect
> to libvirt in full read-write mode.
>
2018-04-12 11:01 GMT+03:00 Erik Skultety <eskultet(a)redhat.com>:
> On Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello everyone,
> > I have a question about logging. I need to find out whether it is
> possible
> > to see user id/session id inside logs or somewhere else. It is not
> passed
> > in structured across the network, so where should I look to find out,
> which
> > user (which session) is currently performing the actions?
>
> Hi,
> sorry for a late answer. As per logging (debug logs to be more precise),
> libvirt
> doesn't log the user/client id which performed the action. Sadly, there's
> currently no way to find out which client is responsible for which
> actions.
> The only thing you can gather from libvirtd is the info about the
> connected
> clients not the actions they perform, you can get this info using
> virt-admin
> (needs to be run as root)
>
> # virt-admin client-list libvirtd
> Id Transport Connected since
> --------------------------------------------------
> 1 unix 2018-04-12 09:53:46+0200
>
> # virt-admin client-info --server libvirtd --client 1
> id : 1
> connection_time: 2018-04-12 09:53:46+0200
> transport : unix
> readonly : no
> unix_user_id : 1000
> unix_user_name : eskultet
> unix_group_id : 1001
> unix_group_name: eskultet
> unix_process_id: 19053
> selinux_context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
> Regards,
> Erik
>