Bug 541040
Summary: | Enable logging in PolicyKit (for policy changes and for authorizations.) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matthew Miller <mattdm> |
Component: | polkit | Assignee: | David Zeuthen <davidz> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | davidz, mclasen, sgrubb, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-02-15 21:37:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matthew Miller
2009-11-24 19:36:51 UTC
I should add that the work to do this is both not terribly complex and not terribly thrilling. My daughter is at home with the swine flu and I'm watching her, which isn't, what with the lethargy and all, a terribly demanding task. So I may have time to work on a first cut. Unless someone _else_ is really excited about this and wants to beat me to it. :) So one thing that occurs to me as soon as I start poking at the code -- it's relatively easy to have it emit a log message when a policy file is changed, but this is largely useless because there's no way to verify the policy state _at startup_. So I think it's probably better to leave that aspect to more traditional tools for monitoring file changes. I should add that on Linux, the only authoritative access log is the audit system. This is because syslog has no integrity guarantees. So, any access decisions should probably go to the audit system which requires CAP_AUDIT_WRITE. Pam already logs to the audit system. Logging has been added in polkit 0.96, which will appear in F13. |