Red Hat Bugzilla – Bug 1478888
Clevis should log privileged operations
Last modified: 2018-04-10 14:27:44 EDT
Clevis UDisks2 support performs privileged operations on behalf of an unprivileged user. For the purposes of auditing, this privilege transition needs to be logged. When this issue is addressed, an audit event should show in the log as a result of using clevis with a flash memory drive.
UDisks2 support currently logs messages to standard error for the purposes of debugging. However, we need to log all attempted key recoveries to the audit log since this recovery occurred on data obtained with elevated privileges.
Clarification: clevis-udisks2 does logging. Not the entire framework.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0985