Outline information commonly logged which users could consider
sensitive.
Add a note that VNC/SPICE passwords are logged in plaintext.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
docs/kbase/debuglogs.rst | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/docs/kbase/debuglogs.rst b/docs/kbase/debuglogs.rst
index c361c698c5..00dbc9bbf7 100644
--- a/docs/kbase/debuglogs.rst
+++ b/docs/kbase/debuglogs.rst
@@ -300,6 +300,8 @@ Now you should go and reproduce the bug. Once you're finished, attach:
- If you are asked for client logs, ``/tmp/libvirt_client.log``.
- Ideally don't tear down the environment in case additional information is
required.
+- Consider whether you consider any of the information in the debug logs
+ sensitive: `Sensitive information in debug logs`_.
Example filter settings
=======================
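Review bot: The added bullet repeats "consider" ("Consider whether you consider any of the information ...") and is appended to the list introduced by "attach:", although it is a check to make before attaching rather than an item to attach. Suggest rewording it, for example "Check whether the debug logs contain information you regard as sensitive", and phrasing it as a step of its own so it does not read as one more attachment.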
@@ -339,3 +341,25 @@ This filter logs only QMP traffic and skips most of libvirt's messages.
::
2:qemu.qemu_monitor 3:*
+
+Sensitive information in debug logs
+===================================
+
+Debug logs may contain information that certain users may consider sensitive
+although generally it's okay to share debuglogs publicly.
+
+Information which could be deemed sensitive:
+
+ - hostname of the host
+ - names of VMs and other objects
+ - paths to disk images
+ - IP addresses of guests and the host
+ - hostnames/IP addresses of disks accessed via network
+
+
+Libvirt's debug logs only ever have passwords and disk encryption secrets in
+encrypted form without the key being part of the log. There's one notable
+exception, that ``VNC/SPICE`` passwords can be found in the logs.
+
+In case you decide to mask information you consider sensitive from the posted
+debug logs, make sure that the masking doesn't introduce ambiguity.
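Review bot: The commit message says VNC/SPICE passwords are logged in plaintext, but the paragraph on secrets only says they "can be found in the logs"; state "in plaintext" there so the exception is unambiguous. Consider also adding them to the "Information which could be deemed sensitive" list, since they are the only actual credential the section names. Smaller points: the ``VNC/SPICE`` literal markup is not needed for protocol names, "debuglogs" in the first paragraph should match "debug logs" used elsewhere, and the closing sentence on masking would help more with a hint on how to avoid ambiguity, such as using one consistent placeholder per distinct value.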
--
2.34.1
On 1/31/22 13:36, Peter Krempa wrote: > Outline information commonly logged which users could consider > sensitive. > > Add a note that VNC/SPICE passwords are logged in plaintext. > > Signed-off-by: Peter Krempa <pkrempa@redhat.com> > --- > docs/kbase/debuglogs.rst | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/docs/kbase/debuglogs.rst b/docs/kbase/debuglogs.rst > index c361c698c5..00dbc9bbf7 100644 > --- a/docs/kbase/debuglogs.rst > +++ b/docs/kbase/debuglogs.rst > @@ -300,6 +300,8 @@ Now you should go and reproduce the bug. Once you're finished, attach: > - If you are asked for client logs, ``/tmp/libvirt_client.log``. > - Ideally don't tear down the environment in case additional information is > required. > +- Consider whether you consider any of the information in the debug logs > + sensitive: `Sensitive information in debug logs`_. "Consider whether you view"? I don't like doubled words being doubled. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal
On Mon, Jan 31, 2022 at 14:06:38 +0100, Michal Prívozník wrote: > On 1/31/22 13:36, Peter Krempa wrote: > > Outline information commonly logged which users could consider > > sensitive. > > > > Add a note that VNC/SPICE passwords are logged in plaintext. > > > > Signed-off-by: Peter Krempa <pkrempa@redhat.com> > > --- > > docs/kbase/debuglogs.rst | 24 ++++++++++++++++++++++++ > > 1 file changed, 24 insertions(+) > > > > diff --git a/docs/kbase/debuglogs.rst b/docs/kbase/debuglogs.rst > > index c361c698c5..00dbc9bbf7 100644 > > --- a/docs/kbase/debuglogs.rst > > +++ b/docs/kbase/debuglogs.rst > > @@ -300,6 +300,8 @@ Now you should go and reproduce the bug. Once you're finished, attach: > > - If you are asked for client logs, ``/tmp/libvirt_client.log``. > > - Ideally don't tear down the environment in case additional information is > > required. > > +- Consider whether you consider any of the information in the debug logs > > + sensitive: `Sensitive information in debug logs`_. > > "Consider whether you view"? I don't like doubled words being doubled. Oops, that was ~3rd version of that sentence. Should've started from scratch :D