[libvirt-users] User name / session id in logs
Anastasiya Ruzhanskaya
2018-03-22 17:17:15 UTC
Hello everyone,
I have a question about logging. I need to find out whether it is possible
to see user id/session id inside logs or somewhere else. It is not passed
in structured across the network, so where should I look to find out which
user (which session) is currently performing the actions?
Erik Skultety
2018-04-12 08:01:59 UTC
Post by Anastasiya Ruzhanskaya
Hello everyone,
I have a question about logging. I need to find out whether it is possible
to see user id/session id inside logs or somewhere else. It is not passed
in structured across the network, so where should I look to find out which
user (which session) is currently performing the actions?
Hi,
sorry for the late answer. As for logging (debug logs, to be more precise), libvirt
doesn't log the user/client id which performed the action. Sadly, there's
currently no way to find out which client is responsible for which actions.
The only thing you can gather from libvirtd is the info about the connected
clients, not the actions they perform. You can get this info using virt-admin
(needs to be run as root):

# virt-admin client-list libvirtd
 Id    Transport       Connected since
--------------------------------------------------
 1     unix            2018-04-12 09:53:46+0200

# virt-admin client-info --server libvirtd --client 1
id             : 1
connection_time: 2018-04-12 09:53:46+0200
transport      : unix
readonly       : no
unix_user_id   : 1000
unix_user_name : eskultet
unix_group_id  : 1001
unix_group_name: eskultet
unix_process_id: 19053
selinux_context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Regards,
Erik
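
An added example, not part of the original post and not libvirt's own code: because libvirtd does not record which client performed an action, the client identity that `virt-admin` does expose can be captured periodically as one JSON line per connected client, so a log pipeline has a record of who was connected at a given time. The function names are hypothetical, the sample input is the output quoted in the post above, and only the two `virt-admin` invocations shown there are used.

```python
import json
import subprocess

# Constructed sample input: the client-info output quoted in the post above.
SAMPLE_INFO = """\
id             : 1
connection_time: 2018-04-12 09:53:46+0200
transport      : unix
readonly       : no
unix_user_id   : 1000
unix_user_name : eskultet
unix_group_id  : 1001
unix_group_name: eskultet
unix_process_id: 19053
selinux_context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
"""

def parse_client_list(text):
    """Return the client ids from `virt-admin client-list` output."""
    ids = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():   # skips header and separator rows
            ids.append(int(fields[0]))
    return ids

def parse_client_info(text):
    """Parse `key : value` lines. Split on the first colon only, because
    connection_time and selinux_context contain colons themselves."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return record

def audit_line(server, info):
    """One JSON line per connected client, for a periodic snapshot log."""
    return json.dumps({"server": server, **info}, sort_keys=True)

def snapshot(server="libvirtd"):
    """Query the live daemon (needs root, as the post notes)."""
    def run(*args):
        return subprocess.run(["virt-admin", *args], check=True,
                              capture_output=True, text=True).stdout
    return [audit_line(server, parse_client_info(
                run("client-info", "--server", server, "--client", str(cid))))
            for cid in parse_client_list(run("client-list", server))]
```

Such a snapshot records who was connected, not which client issued a given call; that per-action attribution is what the reply says libvirt does not provide.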
Anastasiya Ruzhanskaya
2018-05-07 09:41:59 UTC
Hi, I just wanted to ask an additional question about that:
how, then, do you distinguish users here in the polkit documentation?

Consider a local user berrange who has been granted permission to connect
to libvirt in full read-write mode.
Anastasiya Ruzhanskaya
2018-05-07 12:27:10 UTC
And I also heard that there is support for an SELinux driver.
