From: Peter Krempa Date: Mon, 31 Jan 2022 12:26:21 +0000 (+0100) Subject: kbase: debuglogs: Add note about sensitive information in the logs X-Git-Tag: v8.1.0-rc1~237 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=463af62c2c28371144c2ff0e0a5c37347b261bdf;p=thirdparty%2Flibvirt.git kbase: debuglogs: Add note about sensitive information in the logs Outline information commonly logged which users could consider sensitive. Add a note that VNC/SPICE passwords are logged in plaintext. Signed-off-by: Peter Krempa Reviewed-by: Michal Privoznik --- diff --git a/docs/kbase/debuglogs.rst b/docs/kbase/debuglogs.rst index c361c698c5..83bc0e6ad7 100644 --- a/docs/kbase/debuglogs.rst +++ b/docs/kbase/debuglogs.rst @@ -300,6 +300,8 @@ Now you should go and reproduce the bug. Once you're finished, attach: - If you are asked for client logs, ``/tmp/libvirt_client.log``. - Ideally don't tear down the environment in case additional information is required. +- Consider whether you view any of the information in the debug logs + sensitive: `Sensitive information in debug logs`_. Example filter settings ======================= @@ -339,3 +341,25 @@ This filter logs only QMP traffic and skips most of libvirt's messages. :: 2:qemu.qemu_monitor 3:* + +Sensitive information in debug logs +=================================== + +Debug logs may contain information that certain users may consider sensitive +although generally it's okay to share debuglogs publicly. + +Information which could be deemed sensitive: + + - hostname of the host + - names of VMs and other objects + - paths to disk images + - IP addresses of guests and the host + - hostnames/IP addresses of disks accessed via network + + +Libvirt's debug logs only ever have passwords and disk encryption secrets in +encrypted form without the key being part of the log. There's one notable +exception, that ``VNC/SPICE`` passwords can be found in the logs. + +In case you decide to mask information you consider sensitive from the posted +debug logs, make sure that the masking doesn't introduce ambiguity.