[systemd-devel] Any movement on adding a pid indicator for setroubleshoot to add to the journal entry.
Daniel J Walsh
dwalsh at redhat.com
Tue May 7 05:35:08 PDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/07/2013 08:22 AM, Kay Sievers wrote:
> On Tue, May 7, 2013 at 2:04 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> Really would like to be able to track an alert back to the causing pid.
>
> You mean the: * introduce generic AUGMENT_PID=, AUGMENT_DEVICE= fields item
> in the TODO list, right?
>
> A facility that one process can submit information really belonging to
> another one, to the journal. In your case the setroubleshoot PID logs
> something about the apache service, and if we query the status of apache we
> get that setroubleshoot logs along with the logs that originated from
> apache, right?
>
> How do we handle the trust here? Allow that "augmentation" only for
> privileged processes?
>
> Kay
>
Yes I would only allow priv processes to do this, I guess eventually we could
add an SELinux check to this and maybe a capability check like, CAP_SYSLOG?
But for now, just check that the UID==0 of the process doing an AUGMENT_PID.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGI9PwACgkQrlYvE4MpobMqVwCeIf5WDUy/HX1Ft2o8GFlZYaza
t/wAmgPTn+EX6h8PYGcR9tYuZjRjVeI2
=WW6I
-----END PGP SIGNATURE-----
More information about the systemd-devel
mailing list