search for: netlink_audit

Hi, In kubevirt we are running into a strange permission problem on libvirt-5.0. We see transient "Permission Denied" errors when "virAuditSend" wants to send an audit log. [1] shows the logs of one of these containers. Here an example: {"component":"virt-launcher","level":"warning","msg":"Failed to send audit message

...ls libvirt can > just continue. The transient nature makes this really bizarre. The error message above comes from the audit_log_user_message() call that libvirt makes. This is implemented in libaudit.so using the sendto() syscall on a netlink socket opened with socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); So in terms of code being run there, there's very little - the EPERM is coming back from the kernel when sending the message. I'm not sure what scenario could cause this - perhaps the audit log buffer in the kernel is full or something like that ? > * Sometimes it is accompanied...