Bug 19005 - add syslog of denials and config file reloads
add syslog of denials and config file reloads
Product: dbus
Classification: Unclassified
Component: core
Other All
: medium normal
Assigned To: Havoc Pennington
John (J5) Palmieri
Depends on:
  Show dependency treegraph
Reported: 2008-12-10 11:21 UTC by Colin Walters
Modified: 2008-12-16 08:29 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

add syslog (7.87 KB, patch)
2008-12-10 11:21 UTC, Colin Walters
Details | Splinter Review
improved syslog (20.24 KB, patch)
2008-12-12 11:03 UTC, Colin Walters
Details | Splinter Review
also syslog message type (3.27 KB, patch)
2008-12-12 14:00 UTC, Colin Walters
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Colin Walters 2008-12-10 11:21:13 UTC
We need this for debugging denials, especially of signals.
Comment 1 Colin Walters 2008-12-10 11:21:37 UTC
Created attachment 21010 [details] [review]
add syslog
Comment 2 Havoc Pennington 2008-12-11 20:14:29 UTC
Looks nice. You probably want to openlog() so the program name is set in the log.

Another thing it would be nice to log on system bus is if we drop a connection due to an invalid message, we could log the "invalid reason" code; but it's sort of annoying to do this only for system bus and not for session bus (for session bus, we'd want that in stderr perhaps, come to think of it, though maybe session bus /dev/null's stderr?). Anyway, a future enhancement.
Comment 3 Colin Walters 2008-12-12 11:03:38 UTC
Created attachment 21097 [details] [review]
improved syslog

This one adds a <syslog> element that needs to be explicitly specified; otherwise things like "make check" spam syslog.  Besides those, it 

* Fixes the receive log
* Condenses the syslog message significantly
* Adds the number of rules that matched to the denial (quite helpful for debugging, though what i really want is a textual representation of the last matched rule)
Comment 4 Colin Walters 2008-12-12 14:00:57 UTC
Created attachment 21102 [details] [review]
also syslog message type

This further patch adds the message type to syslog.
Comment 5 Havoc Pennington 2008-12-13 21:08:24 UTC
Patches look good.
Comment 6 Colin Walters 2008-12-16 08:29:03 UTC
Thanks for the review.  Pushed:

commit b45440148a81d3efc0ed1a670f6e498de129bc62
Author: Colin Walters <walters@verbum.org>
Date:   Fri Dec 12 16:58:06 2008 -0500

    Add message type to security syslog entries
    It's part of the security check, we should have it in the log.

commit bb2a464067c6843320f367b590b0e4cb00225e50
Author: Colin Walters <walters@verbum.org>
Date:   Wed Dec 10 14:17:02 2008 -0500

    Add syslog of security denials and configuration file reloads
    We need to start logging denials so that they become more easily trackable
    and debuggable.