Bug 2135581

Summary: Threat model finding: logging chronyc unix socket commands.
Product: Red Hat Enterprise Linux 9 Reporter: Wade Mealing <wmealing>
Component: chronyAssignee: Miroslav Lichvar <mlichvar>
Status: ASSIGNED --- QA Contact: rhel-cs-infra-services-qe <rhel-cs-infra-services-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0Keywords: Triaged
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2231078    
Bug Blocks:    

Comment 1 Miroslav Lichvar 2022-12-01 15:58:00 UTC 
In the latest upstream code all important changes made by chronyc should be now logged, e.g. added/removed sources (including changes in sourcefiles) and access restrictions, reloaded keys, modified makestep, etc. To avoid spamming the log with unnecessary information it doesn't log commands that don't change anything important for chronyd operation (e.g. dumping sources) or already have a related log message (e.g. adding or removing a manual sample triggers the "making a frequency change/slew" message).
Comment 2 Miroslav Lichvar 2023-08-10 13:53:44 UTC 
This issue will be fixed by rebase to chrony-4.4 (bug #2231078).