logging: enable logging domain VPN_PLUGIN up to level

System Internals / NetworkManager - Thomas Haller [redhat.com] - 17 June 2016 01:19 UTC

The logging domain VPN_PLUGIN controlls logging of the VPN plugins. Especially at verbose levels and , the plugins might reveal sensitive information in the logging.

Thus, this level should not be enabled by a

$ nmcli logging general level DEBUG domains ALL

It should only be enabled when requested explicitly.

$ nmcli logging general level DEBUG domains ALL,VPN_PLUGIN:DEBUG

Previously, the special level VPN_PLUGIN was entirely excluded from ALL and DEFAULT domains and it was entirely disabled by default. That is however to strict, as it completely silences the VPN plugins by defult. Now, enable them by default up to level INFO.

VPN plugins should take care that they don't reveal sensitive information at levels (LOG_NOTICE) and higher (less verbose). For more verbose levels they may print passwords, but that should still be avoided as far as possible.

4143fbd logging: enable logging domain VPN_PLUGIN up to level
man/NetworkManager.conf.xml | 8 +++++---
src/nm-logging.c | 24 +++++++++++++++++++-----
src/nm-logging.h | 4 +---
3 files changed, 25 insertions(+), 11 deletions(-)

Upstream: cgit.freedesktop.org

Related NetworkManager Activity

logging: support an "OFF" logging level
Thomas Haller

Recent NetworkManager Activity

initrd: fix generation of MTU and cloned-mac-address for masters
Beniamino Galvani

supplicant,device: support AP isolation
Beniamino Galvani

all: add ap-isolation property to wifi setting
Beniamino Galvani

release: fix RC_VERSION for release script
Thomas Haller

nmcs-gcp: merge branch 'ac/gcp_cloud_support'
Antonio Cardace

logging: enable logging domain VPN_PLUGIN up to level

System Internals / NetworkManager - Thomas Haller [redhat.com] - 17 June 2016 01:19 UTC

Related NetworkManager Activity

Share

Recent NetworkManager Activity