[systemd-devel] Any movement on adding a pid indicator for setroubleshoot to add to the journal entry.

Daniel J Walsh dwalsh at redhat.com
Tue May 7 05:35:08 PDT 2013


On 05/07/2013 08:22 AM, Kay Sievers wrote:
> On Tue, May 7, 2013 at 2:04 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> 
>> Really would like to be able to track an alert back to the causing pid.
> 
> You mean the: * introduce generic AUGMENT_PID=, AUGMENT_DEVICE= fields item
> in the TODO list, right?
> 
> A facility that one process can submit information really belonging to 
> another one, to the journal. In your case the setroubleshoot PID logs 
> something about the apache service, and if we query the status of apache we
> get that setroubleshoot logs along with the logs that originated from
> apache, right?
> 
> How do we handle the trust here? Allow that "augmentation" only for 
> privileged processes?
> 
> Kay
> 
Yes I would only allow priv processes to do this, I guess eventually we could
add an SELinux check to this and maybe a capability check like, CAP_SYSLOG?

But for now, just check that the UID==0 of the process doing an AUGMENT_PID.

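The UID==0 gate proposed in the message above, as an added example that is not part of the original mail and not systemd code. It assumes the sender's credentials are reported by the kernel (for example SCM_CREDENTIALS on the logging socket) rather than taken from the message; `struct sender_cred`, `parse_augment_pid` and `attributed_pid` are hypothetical names.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical: kernel-reported identity of the process that sent the entry. */
struct sender_cred { pid_t pid; uid_t uid; };

/* Strictly parse "AUGMENT_PID=<decimal pid>"; return 0 on success, -1 otherwise. */
static int parse_augment_pid(const char *field, pid_t *out)
{
    static const char key[] = "AUGMENT_PID=";
    size_t klen = sizeof(key) - 1;
    char *end;
    long v;

    if (strncmp(field, key, klen) != 0)
        return -1;
    field += klen;
    if (*field < '0' || *field > '9')   /* rejects "", signs, whitespace */
        return -1;
    errno = 0;
    v = strtol(field, &end, 10);
    if (errno != 0 || *end != '\0' || v <= 0 || v > INT_MAX)
        return -1;
    *out = (pid_t)v;
    return 0;
}

/* PID the entry is attributed to: the augmented PID only when the sender is
 * root (the UID==0 check from the thread); otherwise the sender's own PID,
 * so an unprivileged process cannot write into another service's log. */
pid_t attributed_pid(const struct sender_cred *sender, const char *field)
{
    pid_t target;

    if (sender->uid != 0 || parse_augment_pid(field, &target) != 0)
        return sender->pid;
    return target;
}

int main(void)
{
    struct sender_cred root = { 812, 0 }, user = { 4021, 1000 };  /* constructed */
    printf("root: %d\n", (int)attributed_pid(&root, "AUGMENT_PID=1337"));
    printf("user: %d\n", (int)attributed_pid(&user, "AUGMENT_PID=1337"));
    return 0;
}
```

A capability or SELinux check, as mentioned in the message, would replace the `sender->uid != 0` test without changing the fallback to the sender's own PID.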

