Red Hat Bugzilla – Bug 1478888
Clevis should log privileged operations
Last modified: 2018-01-08 10:48:00 EST
Clevis UDisks2 support performs privileged operations on behalf of an unprivileged user. For the purposes of auditing, this privilege transition needs to be logged.
When this issue is addressed, an audit event should show in the log as a result of using clevis with a flash memory drive.
UDisks2 support currently logs messages to standard error for the purposes of debugging. However, we need to log all attempted key recoveries to the audit log since this recovery occurred on data obtained with elevated privileges.
Clarification: clevis-udisks2 does logging, not the entire framework.