We need this for debugging denials, especially of signals.
Created attachment 21010: add syslog
Looks nice. You probably want to openlog() so the program name is set in the log. Another thing it would be nice to log on system bus is if we drop a connection due to an invalid message, we could log the "invalid reason" code; but it's sort of annoying to do this only for system bus and not for session bus (for session bus, we'd want that in stderr perhaps, come to think of it, though maybe session bus /dev/null's stderr?). Anyway, a future enhancement.
Created attachment 21097: improved syslog
This one adds a <syslog> element that needs to be explicitly specified; otherwise things like "make check" spam syslog. Besides those, it
* Fixes the receive log
* Condenses the syslog message significantly
* Adds the number of rules that matched to the denial (quite helpful for debugging, though what I really want is a textual representation of the last matched rule)
Created attachment 21102: also syslog message type
This further patch adds the message type to syslog.
Patches look good.
Thanks for the review. Pushed:

commit b45440148a81d3efc0ed1a670f6e498de129bc62
Author: Colin Walters <walters@verbum.org>
Date:   Fri Dec 12 16:58:06 2008 -0500

    Add message type to security syslog entries

    It's part of the security check, we should have it in the log.

commit bb2a464067c6843320f367b590b0e4cb00225e50
Author: Colin Walters <walters@verbum.org>
Date:   Wed Dec 10 14:17:02 2008 -0500

    Add syslog of security denials and configuration file reloads

    We need to start logging denials so that they become more easily trackable and debuggable.