PolicyKit and syslog
Matthias Clasen
mclasen at redhat.com
Tue Nov 24 16:35:13 UTC 2009
On Tue, 2009-11-24 at 11:26 -0500, Matthew Miller wrote:
> One of the important features of sudo is its ability to log elevated-access
> actions to syslog.
>
> Userhelper similarly logs actions, like so: "userhelper[26491]: running
> '/usr/share/system-config-users/system-config-users ' with root privileges
> on behalf of 'mattdm'".
>
> PolicyKit serves a similar function, but doesn't seem to log anything.
>
> In fact, the only use of syslog appears to be in polkit-agent-helper-1,
> which logs in two possible situations -- when called with the wrong number
> of arguments and when stdin is a tty. (Most other things it fprintfs to
> stderr.)
>
> I'm not bringing this up to complain -- I just want to make sure that I'm
> not missing something (which happens more often than it should; *sigh*). If
> I'm not missing something, is this something anyone is working on already or
> has existing plans for?
>
PolicyKit itself is not running anything. It is just answering the
question of a mechanism: 'is X allowed to do foo ?'. It would make more
sense for the mechanisms that use PolicyKit to log privileged actions
that they do or deny to do.
More information about the devel
mailing list