diff options
| author | Michael Scherer <misc@redhat.com> | 2015-12-20 13:23:33 +0100 |
|---|---|---|
| committer | Michael Scherer <misc@redhat.com> | 2015-12-20 13:23:33 +0100 |
| commit | 9d3737f13e9b38f88ed7acc800db66c2f025fac9 (patch) | |
| tree | 081ef5cc7e4f13d60994112057eb629d37254287 | |
| parent | d73fe9134fcabe69e2984691e998e259d26d064b (diff) | |
Add Seal option in the configuration file for journald-remote
While journal received remotely can be sealed, it can only be done
on the command line using --seal, so for consistency, we will
also permit to set it in the configuration file.
| -rw-r--r-- | man/journal-remote.conf.xml | 7 | ||||
| -rw-r--r-- | src/journal-remote/journal-remote.c | 1 | ||||
| -rw-r--r-- | src/journal-remote/journal-remote.conf.in | 1 |
3 files changed, 9 insertions, 0 deletions
diff --git a/man/journal-remote.conf.xml b/man/journal-remote.conf.xml index b7c5e6ac5c..2d345963d9 100644 --- a/man/journal-remote.conf.xml +++ b/man/journal-remote.conf.xml @@ -72,6 +72,13 @@ <literal>[Remote]</literal> section:</para> <variablelist> + <varlistentry> + <term><varname>Seal=</varname></term> + + <listitem><para>Periodically sign the data in the journal using Forward Secure Sealing. + </para></listitem> + </varlistentry> + <varlistentry> <term><varname>SplitMode=</varname></term> diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c index b2f5fbf6b4..3f93e85232 100644 --- a/src/journal-remote/journal-remote.c +++ b/src/journal-remote/journal-remote.c @@ -1181,6 +1181,7 @@ static DEFINE_CONFIG_PARSE_ENUM(config_parse_write_split_mode, static int parse_config(void) { const ConfigTableItem items[] = { + { "Remote", "Seal", config_parse_bool, 0, &arg_seal }, { "Remote", "SplitMode", config_parse_write_split_mode, 0, &arg_split_mode }, { "Remote", "ServerKeyFile", config_parse_path, 0, &arg_key }, { "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert }, diff --git a/src/journal-remote/journal-remote.conf.in b/src/journal-remote/journal-remote.conf.in index 3e32f34def..7122d63362 100644 --- a/src/journal-remote/journal-remote.conf.in +++ b/src/journal-remote/journal-remote.conf.in @@ -1,4 +1,5 @@ [Remote] +# Seal=false # SplitMode=host # ServerKeyFile=@CERTIFICATEROOT@/private/journal-remote.pem # ServerCertificateFile=@CERTIFICATEROOT@/certs/journal-remote.pem |