userdb: mark PII fields as sensitive in user records #40978
yuwata merged 1 commit into systemd:main from
The code is simple. @poettering had some doubts because this is just local… But it seems fine to do this. I don't think we'd ever need to log the full name and other details. So it seems reasonable to do this…
If we merge this into v260, I will rebase the other PR onto this, so it's just adding the one field for birthDate to the PII section. Nice and easy to do. :) I think that'll make @bluca happy with how the PII is handled.
Mark realName, emailAddress, and location as sensitive in JSON user records so that they are excluded from debug log output. These fields contain personally identifiable information that should not be leaked in logs, which are generally more accessible than the user database itself.
Please don't continuously rebase, as CI capacity is limited, so if no code changes are pushed we don't want to waste cycles
Sorry about that, @bluca. I thought keeping this up to date was helping with mergeability. Regardless, based on #40954 (comment) can we merge this one in now, and I can rebase the other one on top of this?
It actually doesn't help, because we lose the previous results. So now we have to wait again. Lennart said he doesn't care in the other PR, so let's indeed merge this.
I see some failing checks. Do those need to pass before this is merged?
Those failures appear to be unrelated. I restarted a bunch of jobs.
For the noble/ppc64el failure: "No valid host was found. There are not enough hosts available." Not related to this change, just flaky infrastructure.
Interesting. Two mkosi tests failing still with different tests failing on each run.
I think this should be merged, skipping CI. These seem to be intermittent test failures unrelated to this change. Attempt 1 failures: Attempt 2 failures:
Mark realName, emailAddress, and location as sensitive in JSON user records so that they are excluded from debug log output. These fields contain personally identifiable information that should not be leaked in logs, which are generally more accessible than the user database itself.

This was originally part of #40954 but was split out into its own PR for separate discussion, as there were differing opinions on whether the sensitive flag is appropriate for PII fields (vs. only key material). @bluca noted that the primary value is avoiding PII in log dumps, not memory zeroing.