@@ -113,13 +113,65 @@ jobs:
113113 # Monitor systemd and related services that might affect devices
114114 sudo auditctl -w /usr/lib/systemd/ -p x -k systemd_execution || echo "Failed to monitor systemd"
115115
116+ # Monitor udev rule processing more specifically
117+ sudo auditctl -w /usr/lib/udev/rules.d/ -p r -k udev_rule_read || echo "Failed to monitor lib udev rule reads"
118+ sudo auditctl -w /etc/udev/rules.d/ -p r -k udev_rule_read || echo "Failed to monitor etc udev rule reads"
119+
120+ # Monitor udev daemon and rule compilation
121+ sudo auditctl -w /usr/bin/udevadm -p x -k udev_admin || echo "Failed to monitor udevadm"
122+ sudo auditctl -w /usr/lib/systemd/systemd-udevd -p x -k udev_daemon || echo "Failed to monitor udev daemon"
123+
124+ # Monitor rule database updates
125+ sudo auditctl -w /etc/udev/hwdb.bin -p wa -k udev_hwdb || echo "Failed to monitor etc hwdb"
126+ sudo auditctl -w /usr/lib/udev/hwdb.bin -p wa -k udev_hwdb || echo "Failed to monitor lib hwdb"
127+
116128 echo ""
117129 echo "Active audit rules:"
118130 sudo auditctl -l || echo "Failed to list audit rules"
119131 echo ""
120132 echo "Auditd status:"
121133 sudo systemctl status auditd --no-pager || sudo service auditd status || echo "Failed to get auditd status"
122134
135+ name : Start real-time udev event monitoring
136+ if : runner.os == 'Linux'
137+ run : |
138+ echo "Starting real-time udev event monitoring..."
139+
140+ # Start udev monitor in background to capture all events
141+ sudo udevadm monitor --environment --udev > /tmp/udev_events.log 2>&1 &
142+ UDEV_MONITOR_PID=$!
143+ echo "Started udev monitor with PID: $UDEV_MONITOR_PID"
144+ echo $UDEV_MONITOR_PID > /tmp/udev_monitor.pid
145+
146+ # Also monitor kernel events
147+ sudo udevadm monitor --environment --kernel > /tmp/kernel_events.log 2>&1 &
148+ KERNEL_MONITOR_PID=$!
149+ echo "Started kernel monitor with PID: $KERNEL_MONITOR_PID"
150+ echo $KERNEL_MONITOR_PID > /tmp/kernel_monitor.pid
151+
152+ # Give monitors time to start
153+ sleep 2
154+
155+ echo "Active monitoring processes:"
156+ ps aux | grep "udevadm monitor" | grep -v grep || echo "No monitor processes found"
157+
158+ name : Trigger udev rule processing
159+ if : runner.os == 'Linux'
160+ run : |
161+ echo "Triggering udev rule processing..."
162+
163+ # Reload udev rules
164+ sudo udevadm control --reload-rules
165+
166+ # Trigger processing of existing devices
167+ sudo udevadm trigger --subsystem-match=misc --attr-match=dev
168+
169+ # Wait for settlement
170+ sudo udevadm settle
171+
172+ echo "Post-trigger device state:"
173+ ls -la /dev/kvm /dev/mshv 2>/dev/null || echo "Devices still not present after trigger"
174+
123175# For rust-fmt
124176 - name : Set up nightly rust
125177 uses : dtolnay/rust-toolchain@nightly
@@ -302,21 +354,103 @@ jobs:
302354 echo "Systemd execution events:"
303355 sudo ausearch -k systemd_execution -ts today 2>/dev/null || echo "No systemd execution events found"
304356 echo ""
357+ echo "Udev rule read events:"
358+ sudo ausearch -k udev_rule_read -ts today 2>/dev/null || echo "No udev rule read events found"
359+ echo ""
360+ echo "Udev administration events:"
361+ sudo ausearch -k udev_admin -ts today 2>/dev/null || echo "No udev admin events found"
362+ echo ""
363+ echo "Udev daemon events:"
364+ sudo ausearch -k udev_daemon -ts today 2>/dev/null || echo "No udev daemon events found"
365+ echo ""
366+ echo "Udev hardware database events:"
367+ sudo ausearch -k udev_hwdb -ts today 2>/dev/null || echo "No udev hwdb events found"
368+ echo ""
305369 echo "All events affecting KVM device specifically:"
306370 sudo ausearch -f /dev/kvm -ts today 2>/dev/null || echo "No specific /dev/kvm events found"
307371 echo ""
308372 echo "All events affecting MSHV device specifically:"
309373 sudo ausearch -f /dev/mshv -ts today 2>/dev/null || echo "No specific /dev/mshv events found"
310374 echo ""
311- echo "Complete audit log entries:"
312- sudo cat /var/log/audit/audit.log 2>/dev/null || echo "Unable to read audit log"
375+ echo "=== Real-time Udev Event Analysis ==="
376+ echo "Captured udev events during job:"
377+ if [ -f /tmp/udev_events.log ]; then
378+ echo "--- Udev Events (filtered for relevance) ---"
379+ cat /tmp/udev_events.log | grep -E "(kvm|mshv|ACTION|DEVNAME)" || echo "No relevant udev events captured"
380+ echo ""
381+ echo "--- All udev events ---"
382+ cat /tmp/udev_events.log || echo "No udev events captured"
383+ else
384+ echo "No udev events log found"
385+ fi
386+ echo ""
387+ echo "Captured kernel events during job:"
388+ if [ -f /tmp/kernel_events.log ]; then
389+ echo "--- Kernel Events (filtered for relevance) ---"
390+ cat /tmp/kernel_events.log | grep -E "(kvm|mshv|ACTION|DEVNAME)" || echo "No relevant kernel events captured"
391+ echo ""
392+ echo "--- All kernel events ---"
393+ cat /tmp/kernel_events.log || echo "No kernel events captured"
394+ else
395+ echo "No kernel events log found"
396+ fi
397+ echo ""
398+ echo "Recent audit log entries (last 100 lines):"
399+ sudo tail -100 /var/log/audit/audit.log 2>/dev/null || echo "Unable to read audit log"
313400 echo ""
314401 echo "=== Process and System Analysis ==="
315402 echo "Currently running udev processes:"
316403 ps aux | grep -E "(udev|systemd)" | grep -v grep || echo "No udev/systemd processes found"
317404 echo ""
318- echo "Udev rules containing KVM or MSHV:"
319- find /etc/udev/rules.d/ /lib/udev/rules.d/ -name "*.rules" -exec grep -l "kvm\|mshv" {} + 2>/dev/null | xargs cat 2>/dev/null || echo "No udev rules found for hypervisor devices"
405+ echo "=== Udev Rules Analysis ==="
406+ echo "Udev rules containing KVM or MSHV (with file names):"
407+ find /etc/udev/rules.d/ /lib/udev/rules.d/ -name "*.rules" -exec grep -l "kvm\|mshv" {} + 2>/dev/null | while read rule_file; do
408+ echo ""
409+ echo "=========================================="
410+ echo "Rule File: $rule_file"
411+ echo "Modified: $(stat -c %y "$rule_file" 2>/dev/null || echo "Cannot read timestamp")"
412+ echo "Size: $(stat -c %s "$rule_file" 2>/dev/null || echo "Unknown") bytes"
413+ echo "Content (KVM/MSHV related lines):"
414+ grep -n "kvm\|mshv" "$rule_file" 2>/dev/null || echo "Cannot read content"
415+ echo "Full rule context:"
416+ cat "$rule_file" 2>/dev/null || echo "Cannot read full file"
417+ echo "=========================================="
418+ done
419+ if [ -z "$(find /etc/udev/rules.d/ /lib/udev/rules.d/ -name "*.rules" -exec grep -l "kvm\|mshv" {} + 2>/dev/null)" ]; then
420+ echo "No udev rules found containing KVM or MSHV"
421+ fi
422+ echo ""
423+ echo "All udev rule files (for reference):"
424+ find /etc/udev/rules.d/ /lib/udev/rules.d/ -name "*.rules" 2>/dev/null | head -20 || echo "Cannot list udev rule files"
425+ echo ""
426+ echo "Udev database state for hypervisor devices:"
427+ udevadm info --export-db | grep -A10 -B5 "kvm\|mshv" || echo "No KVM/MSHV entries in udev database"
428+ echo ""
429+ echo "Manual device info:"
430+ if [ -e /dev/kvm ]; then
431+ echo "KVM device udev info:"
432+ udevadm info /dev/kvm || echo "Cannot get udev info for KVM device"
433+ fi
434+ if [ -e /dev/mshv ]; then
435+ echo "MSHV device udev info:"
436+ udevadm info /dev/mshv || echo "Cannot get udev info for MSHV device"
437+ fi
438+ echo ""
439+ echo "Udev control and database timestamps:"
440+ ls -la /run/udev/ 2>/dev/null || echo "Cannot access /run/udev/"
320441 echo ""
321442 echo "Available groups on system:"
322443 getent group | grep -E "(kvm|mshv|libvirt)" || echo "No hypervisor-related groups found"
444+ echo ""
445+ echo "=== Cleanup ==="
446+ # Stop monitoring processes
447+ if [ -f /tmp/udev_monitor.pid ]; then
448+ UDEV_PID=$(cat /tmp/udev_monitor.pid)
449+ sudo kill $UDEV_PID 2>/dev/null || echo "Could not stop udev monitor"
450+ echo "Stopped udev monitor (PID: $UDEV_PID)"
451+ fi
452+ if [ -f /tmp/kernel_monitor.pid ]; then
453+ KERNEL_PID=$(cat /tmp/kernel_monitor.pid)
454+ sudo kill $KERNEL_PID 2>/dev/null || echo "Could not stop kernel monitor"
455+ echo "Stopped kernel monitor (PID: $KERNEL_PID)"
456+ fi
0 commit comments