search for: audit_log_user_message

Hi, In kubevirt we are running into a strange permission problem on libvirt-5.0. We see transient "Permission Denied" errors when "virAuditSend" wants to send an audit log. [1] shows the logs of one of these containers. Here an example: {"component":"virt-launcher","level":"warning","msg":"Failed to send audit message

...randomly affects one out of a few hundred containers which we start > * It is not bound to a specific node > * It is only transient on that container. After a few denials libvirt can > just continue. The transient nature makes this really bizarre. The error message above comes from the audit_log_user_message() call that libvirt makes. This is implemented in libaudit.so using the sendto() syscall on a netlink socket opened with socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); So in terms of code being run there, there's very little - the EPERM is coming back from the kernel when sending the message....