projects / platform / core / security / cynara.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 72e9332) | patch
Introduce logging of privilege checks (AUDIT) 77/35177/6
authorAdam Malinowski <a.malinowsk2@partner.samsung.com>
Fri, 6 Feb 2015 08:58:02 +0000 (09:58 +0100)
committerLukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Mon, 23 Feb 2015 15:41:48 +0000 (07:41 -0800)
commitad9b2325f605f3ea48ec7c681ca67fa70462d51d
treecbf774c4a39316879097f7e94ebf54aefcceb61ctree | snapshot
parent72e9332b407370471f0688e436e5d524a1e1b69bcommit | diff
Introduce logging of privilege checks (AUDIT)

Added functionality saves privilege checking responses in systemd
journal. Such entries may be filtered using CYNARA_LOG_TYPE=AUDIT
field. Logging depends on configuration based on environment variable
CYNARA_AUDIT_LEVEL which may take one of following values:
  * NONE - nothing will be saved
  * DENY - only DENY responses will be saved (DEFAULT behaviour)
  * ALLOW - only ALLOW respones will be saved
  * OTHER - other policy types e.g. plugin specific
  * ALL - all above responses will be saved

Change-Id: Iaa46f3c579660784ffe5edc0c2120b822fb0061a
src/common/CMakeLists.txt diff | blob | history
src/common/log/AuditLog.cpp [new file with mode: 0644] blob
src/common/log/AuditLog.h [new file with mode: 0644] blob
src/service/logic/Logic.cpp diff | blob | history
src/service/logic/Logic.h diff | blob | history
systemd/cynara.service diff | blob | history
Domain: Security / Access Control;