summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Gilbert <floppym@gentoo.org>2020-08-21 21:43:09 -0400
committerMike Gilbert <floppym@gentoo.org>2020-08-21 21:55:45 -0400
commit3f7665c563412f6cdd8a4ba4bc918ecc2b983d08 (patch)
treed860633bdca609db49b2b4a3a90ea0a9d56c800d /sys-apps
parentsys-process/nmon: add ~arm64 keyword to version 16m (diff)
downloadgentoo-3f7665c563412f6cdd8a4ba4bc918ecc2b983d08.tar.gz
gentoo-3f7665c563412f6cdd8a4ba4bc918ecc2b983d08.tar.bz2
gentoo-3f7665c563412f6cdd8a4ba4bc918ecc2b983d08.zip
sys-apps/systemd: do not change the kernel audit setting by default
Closes: https://bugs.gentoo.org/736910 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/systemd/files/gentoo-journald-audit.patch40
-rw-r--r--sys-apps/systemd/systemd-245.7-r1.ebuild (renamed from sys-apps/systemd/systemd-245.7.ebuild)1
-rw-r--r--sys-apps/systemd/systemd-246-r1.ebuild (renamed from sys-apps/systemd/systemd-246.ebuild)1
-rw-r--r--sys-apps/systemd/systemd-9999.ebuild1
4 files changed, 43 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/gentoo-journald-audit.patch b/sys-apps/systemd/files/gentoo-journald-audit.patch
new file mode 100644
index 000000000000..088bceb7696e
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-journald-audit.patch
@@ -0,0 +1,40 @@
+From 593db1c78011ddce551051ce17eda6feac079b3d Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 21 Aug 2020 13:16:17 -0400
+Subject: [PATCH] journald: do not change the kernel audit setting by default
+
+Bug: https://bugs.gentoo.org/736910
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index bfd359a903..7e93d4050e 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -411,7 +411,7 @@
+ <command>systemd-journald</command> collects generated audit records, it just controls whether it
+ tells the kernel to generate them. This means if another tool turns on auditing even if
+ <command>systemd-journald</command> left it off, it will still collect the generated
+- messages. Defaults to on.</para></listitem>
++ messages.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 5865bf9809..163be685a8 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2208,7 +2208,7 @@ int server_init(Server *s, const char *namespace) {
+ .compress.threshold_bytes = (uint64_t) -1,
+ .seal = true,
+
+- .set_audit = true,
++ .set_audit = -1,
+
+ .watchdog_usec = USEC_INFINITY,
+
+--
+2.28.0
+
diff --git a/sys-apps/systemd/systemd-245.7.ebuild b/sys-apps/systemd/systemd-245.7-r1.ebuild
index 586484176c79..3da9bb72e33c 100644
--- a/sys-apps/systemd/systemd-245.7.ebuild
+++ b/sys-apps/systemd/systemd-245.7-r1.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r1.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
)
fi
diff --git a/sys-apps/systemd/systemd-246.ebuild b/sys-apps/systemd/systemd-246-r1.ebuild
index 5097bffb2ddd..a3cf9676ba5f 100644
--- a/sys-apps/systemd/systemd-246.ebuild
+++ b/sys-apps/systemd/systemd-246-r1.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
)
fi
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 5097bffb2ddd..a3cf9676ba5f 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
PATCHES+=(
"${FILESDIR}/gentoo-generator-path-r2.patch"
"${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
)
fi