Logging with systemd
As mentioned before, systemd is not only responsible for service management: it takes up several other tasks as well. One of these tasks is log management, which is traditionally implemented through a system logger.
While systemd still supports running with a traditional system logger, it now suggests the use of systemd-journald. One of the advantages of the journal daemon is that it is not limited to textual, single-line log messages: daemons can now include binary data as well as multiline messages in what they log.
The journal daemon also records information about the sending process alongside the log messages themselves. This additional information includes ownership data (the process owner) as well as the SELinux context of the sending process.
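As an added example (not code from the book), this shows what that per-process metadata looks like in the journal's JSON export (`journalctl -o json`, one object per line) and how to filter entries by the SELinux domain of the sender. The entries are constructed sample data; the field names follow systemd.journal-fields(7), where `_SELINUX_CONTEXT` is one of the underscore-prefixed trusted fields that journald fills in itself rather than taking from the client.

```python
"""Filter journald JSON export by the SELinux context of the sending process.

journalctl's FIELD=VALUE matches are exact, so selecting "everything logged
from the httpd_t domain" (regardless of user, role or MLS range) needs a
small post-processing step like the one below.
"""
import json
from typing import Iterable, Iterator

# Constructed sample of `journalctl -o json` output (not real log data).
SAMPLE_JSON_LINES = "\n".join([
    json.dumps({"__REALTIME_TIMESTAMP": "1700000000000001", "PRIORITY": "6",
                "_COMM": "sshd", "_PID": "1234", "_UID": "0",
                "_SELINUX_CONTEXT": "system_u:system_r:sshd_t:s0-s0:c0.c1023",
                "MESSAGE": "Accepted publickey for alice from 192.0.2.10"}),
    json.dumps({"__REALTIME_TIMESTAMP": "1700000000000002", "PRIORITY": "3",
                "_COMM": "httpd", "_PID": "2345", "_UID": "48",
                "_SELINUX_CONTEXT": "system_u:system_r:httpd_t:s0",
                "MESSAGE": "Permission denied: /srv/www/index.html"}),
    json.dumps({"__REALTIME_TIMESTAMP": "1700000000000003", "PRIORITY": "6",
                "_COMM": "bash", "_PID": "3456", "_UID": "1000",
                "_SELINUX_CONTEXT": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
                "MESSAGE": "user session started"}),
])


def parse_journal_json(text: str) -> Iterator[dict]:
    """Yield one dict per non-empty line of `journalctl -o json` output."""
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)


def split_context(ctx: str) -> dict:
    """Split an SELinux context into user, role, type and optional MLS range.

    The range itself may contain ':' (e.g. s0-s0:c0.c1023), so split at most
    three times and keep the remainder intact.
    """
    parts = ctx.strip().split(":", 3)
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "range": parts[3] if len(parts) > 3 else ""}


def entries_with_type(entries: Iterable[dict], selinux_type: str) -> list:
    """Return the entries whose sender ran in the given SELinux domain."""
    return [e for e in entries
            if "_SELINUX_CONTEXT" in e
            and split_context(e["_SELINUX_CONTEXT"])["type"] == selinux_type]
```

Because `_SELINUX_CONTEXT` is attached by journald from the sender's credentials, a filter on it is more reliable than matching on process names or text inside `MESSAGE`, which the sender controls.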
Retrieving SELinux-related information
The traditional approach to retrieving SELinux-related information (excluding the audit events we tackled before) is to grep through the log information. With the journal daemon, this...