Include pid namespace inode in LXC audit messages

To allow the efficient correlation of container audit messages with host hosts, include the pid namespace inode in audit messages.
2025-03-20 07:59:00 +00:00 · 2013-03-06 14:56:49 +00:00 · 2013-03-06 14:56:49 +00:00 · ab1ef3bc6c
commit ab1ef3bc6c
parent eaf7d4ddff
3 changed files with 49 additions and 5 deletions
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@ -649,7 +649,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)

 void
 virDomainAuditInit(virDomainObjPtr vm,
-                   pid_t initpid)
+                   pid_t initpid,
+                   ino_t pidns)
 {
    char uuidstr[VIR_UUID_STRING_BUFLEN];
    char *vmname;
@ -668,8 +669,9 @@ virDomainAuditInit(virDomainObjPtr vm,
    }

    VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, true,
-              "virt=%s op=init %s uuid=%s vm-pid=%lld init-pid=%lld",
-              virt, vmname, uuidstr, (long long)vm->pid, (long long)initpid);
+              "virt=%s op=init %s uuid=%s vm-pid=%lld init-pid=%lld pid-ns=%lld",
+              virt, vmname, uuidstr, (long long)vm->pid, (long long)initpid,
+              (long long)pidns);

    VIR_FREE(vmname);
 }
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@ -32,7 +32,8 @@ void virDomainAuditStart(virDomainObjPtr vm,
                         bool success)
    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
 void virDomainAuditInit(virDomainObjPtr vm,
-                        pid_t pid)
+                        pid_t pid,
+                        ino_t pidns)
    ATTRIBUTE_NONNULL(1);
 void virDomainAuditStop(virDomainObjPtr vm,
                        const char *reason)
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@ -630,6 +630,36 @@ static void virLXCProcessMonitorExitNotify(virLXCMonitorPtr mon ATTRIBUTE_UNUSED
              priv->stopReason, status);
 }

+static int
+virLXCProcessGetNsInode(pid_t pid,
+                        const char *nsname,
+                        ino_t *inode)
+{
+    char *path = NULL;
+    struct stat sb;
+    int ret = -1;
+
+    if (virAsprintf(&path, "/proc/%llu/ns/%s",
+                    (unsigned long long)pid, nsname) < 0) {
+        virReportOOMError();
+        goto cleanup;
+    }
+
+    if (stat(path, &sb) < 0) {
+        virReportSystemError(errno,
+                             _("Unable to stat %s"), path);
+        goto cleanup;
+    }
+
+    *inode = sb.st_ino;
+    ret = 0;
+
+cleanup:
+    VIR_FREE(path);
+    return ret;
+}
+
+
 /* XXX a little evil */
 extern virLXCDriverPtr lxc_driver;
 static void virLXCProcessMonitorInitNotify(virLXCMonitorPtr mon ATTRIBUTE_UNUSED,
@ -637,8 +667,19 @@ static void virLXCProcessMonitorInitNotify(virLXCMonitorPtr mon ATTRIBUTE_UNUSED
                                           virDomainObjPtr vm)
 {
    virLXCDomainObjPrivatePtr priv = vm->privateData;
+    ino_t inode;
+
    priv->initpid = initpid;
-    virDomainAuditInit(vm, initpid);
+
+    if (virLXCProcessGetNsInode(initpid, "pid", &inode) < 0) {
+        virErrorPtr err = virGetLastError();
+        VIR_WARN("Cannot obtain pid NS inode for %llu: %s",
+                 (unsigned long long)initpid,
+                 err && err->message ? err->message : "<unknown>");
+        virResetLastError();
+        inode = 0;
+    }
+    virDomainAuditInit(vm, initpid, inode);

    if (virDomainSaveStatus(lxc_driver->caps, lxc_driver->stateDir, vm) < 0)
        VIR_WARN("Cannot update XML with PID for LXC %s", vm->def->name);