audit: Log only an info message if audit_level < 2 and audit is not supported

Replace the error message during startup of libvirtd with an info
message if audit_level < 2 and audit is not supported by the
kernel. Audit is not supported by the current kernel if the kernel
does not have audit compiled in or if audit is disabled (e.g. by the
kernel cmdline).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 5103e8debea6c952294be27ac646bd209cb7d3ba..6d3b83355bcabda0c59672941d8967fe10647607 100644 (file)
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1422,7 +1422,7 @@ int main(int argc, char **argv) {
 
     if (config->audit_level) {
         VIR_DEBUG("Attempting to configure auditing subsystem");
-        if (virAuditOpen() < 0) {
+        if (virAuditOpen(config->audit_level) < 0) {
             if (config->audit_level > 1) {
                 ret = VIR_DAEMON_ERR_AUDIT;
                 goto cleanup;

diff --git a/src/util/viraudit.c b/src/util/viraudit.c
index 17e58b3a9574fbf033929c6193f224c7c9195870..0085dc37be6072bd8837f80b6311e8c65720d1d1 100644 (file)
--- a/src/util/viraudit.c
+++ b/src/util/viraudit.c
@@ -55,11 +55,23 @@ static int auditfd = -1;
 #endif
 static bool auditlog;
 
-int virAuditOpen(void)
+int virAuditOpen(unsigned int audit_level ATTRIBUTE_UNUSED)
 {
 #if WITH_AUDIT
     if ((auditfd = audit_open()) < 0) {
-        virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+        /* You get these error codes only when the kernel does not
+         * have audit compiled in or it's disabled (e.g. by the kernel
+         * cmdline) */
+        if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+            errno == EAFNOSUPPORT) {
+            if (audit_level < 2)
+                VIR_INFO("Audit is not supported by the kernel");
+            else
+                virReportError(VIR_FROM_THIS, "%s", _("Audit is not supported by the kernel"));
+        } else {
+            virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
+        }
+
         return -1;
     }
 

diff --git a/src/util/viraudit.h b/src/util/viraudit.h
index ed3d66ab5d0fdf4598fe73f642bbcac22e895422..478dc8408f4e26254a4ff89e2e89c10c0718d284 100644 (file)
--- a/src/util/viraudit.h
+++ b/src/util/viraudit.h
@@ -32,7 +32,7 @@ typedef enum {
     VIR_AUDIT_RECORD_RESOURCE,
 } virAuditRecordType;
 
-int virAuditOpen(void);
+int virAuditOpen(unsigned int audit_level);
 
 void virAuditLog(bool enabled);