F21 Self Contained Change: Remote Journal Logging

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Tue Apr 15 18:05:34 UTC 2014


On Tue, Apr 15, 2014 at 09:25:39AM -0600, Kevin Fenzi wrote:
> To be clear here, all this is implemented in the two daemons right? 
>
> When you say it uses https, that's natively done in the daemons, they
> don't need apache or some other https implementor in the way?
Yes, it's implemented in two daemons, using libmicrohttpd (for receiving)
and libcurl (for sending).

> Which ssl stack does this use? nss? openssl? gnutls? something else?
libmicrohttpd is linked with gnutls, and libcurl is linked with nss.
It's a bit unfortunate, but hard to work around. OTOH, it is likely that
only one of those daemons would be running on a given machine, so the
fact that they use different cryptostacks might not be that important.

The two daemons can be fairly well locked down, since they don't need
any privileges apart from access to the journal files. So they'll run as separate
users, the receiver with PrivateNetwork=yes. I also plan to add some seccomp
filters later on.

Zbyszek

