Re: PolicyKit and syslog
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On Tue, 24 Nov 2009, Matthias Clasen wrote:
On Tue, 2009-11-24 at 11:26 -0500, Matthew Miller wrote:One of the important features of sudo is its ability to log elevated-access actions to syslog. Userhelper similarly logs actions, like so: "userhelper: running '/usr/share/system-config-users/system-config-users ' with root privileges on behalf of 'mattdm'". PolicyKit serves a similar function, but doesn't seem to log anything. In fact, the only use of syslog appears to be in polkit-agent-helper-1, which logs in two possible situations -- when called with the wrong number of arguments and when stdin is a tty. (Most other things it fprintfs to stderr.) I'm not bringing this up to complain -- I just want to make sure that I'm not missing something (which happens more often than it should; *sigh*). If I'm not missing something, is this something anyone is working on already or has existing plans for?PolicyKit itself is not running anything. It is just answering the question of a mechanism: 'is X allowed to do foo ?'. It would make more sense for the mechanisms that use PolicyKit to log privileged actions that they do or deny to do.
when the policies are updated it is policy kit that has to be involved. polkitd is running, at least.
It would make sense for polkitd to note a change to a policy. Maybe also to note any communications to polkitd of any kind.
-sv -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Coolkey] [Fedora Tools]