powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
345 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 9b9f56de0d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9b9f56de0d'
${ noResults }
base/SOURCES/0308-Add-Seal-option-in-the...

57 lines
2.4 KiB
Raw Blame History

From f6a8db04fb20d142e514d805c613a1b3e70c454d Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@redhat.com>
Date: Sun, 20 Dec 2015 13:23:33 +0100
Subject: [PATCH] Add Seal option in the configuration file for journald-remote
While journal received remotely can be sealed, it can only be done
on the command line using --seal, so for consistency, we will
also permit to set it in the configuration file.
Cherry-picked from: 9d3737f13e9b38f88ed7acc800db66c2f025fac9
Resolves: #1329233
---
man/journal-remote.conf.xml | 7 +++++++
src/journal-remote/journal-remote.c | 1 +
src/journal-remote/journal-remote.conf.in | 1 +
3 files changed, 9 insertions(+)
diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml
index a7b222718..9a385c7e5 100644
--- a/man/journal-remote.conf.xml
+++ b/man/journal-remote.conf.xml
@@ -72,6 +72,13 @@
<literal>[Remote]</literal> section:</para>
<variablelist>
+ <varlistentry>
+ <term><varname>Seal=</varname></term>
+
+ <listitem><para>Periodically sign the data in the journal using Forward Secure Sealing.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>SplitMode=</varname></term>
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index b7cc6d717..9c515f9c8 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -1174,6 +1174,7 @@ static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode,
static int parse_config(void) {
const ConfigTableItem items[] = {
+ { "Remote", "Seal", config_parse_bool, 0, &arg_seal },
{ "Remote", "SplitMode", config_parse_write_split_mode, 0, &arg_split_mode },
{ "Remote", "ServerKeyFile", config_parse_path, 0, &arg_key },
{ "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert },
diff --git a/src/journal-remote/journal-remote.conf.in b/src/journal-remote/journal-remote.conf.in
index 3e32f34de..7122d6336 100644
--- a/src/journal-remote/journal-remote.conf.in
+++ b/src/journal-remote/journal-remote.conf.in
@@ -1,4 +1,5 @@
[Remote]
+# Seal=false
# SplitMode=host
# ServerKeyFile=@CERTIFICATEROOT@/private/journal-remote.pem
# ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-remote.pem