author | Mike Gilbert <floppym@gentoo.org> | 2020-08-21 21:43:09 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2020-08-21 21:55:45 -0400 |
commit | 3f7665c563412f6cdd8a4ba4bc918ecc2b983d08 (patch) | |
tree | d860633bdca609db49b2b4a3a90ea0a9d56c800d /sys-apps | |
parent | sys-process/nmon: add ~arm64 keyword to version 16m (diff) | |
sys-apps/systemd: do not change the kernel audit setting by default
Closes: https://bugs.gentoo.org/736910
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/systemd/files/gentoo-journald-audit.patch | 40 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-245.7-r1.ebuild (renamed from sys-apps/systemd/systemd-245.7.ebuild) | 1 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-246-r1.ebuild (renamed from sys-apps/systemd/systemd-246.ebuild) | 1 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-9999.ebuild | 1 |
4 files changed, 43 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/gentoo-journald-audit.patch b/sys-apps/systemd/files/gentoo-journald-audit.patch
new file mode 100644
index 000000000000..088bceb7696e
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-journald-audit.patch
@@ -0,0 +1,40 @@
+From 593db1c78011ddce551051ce17eda6feac079b3d Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 21 Aug 2020 13:16:17 -0400
+Subject: [PATCH] journald: do not change the kernel audit setting by default
+
+Bug: https://bugs.gentoo.org/736910
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index bfd359a903..7e93d4050e 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -411,7 +411,7 @@
+ <command>systemd-journald</command> collects generated audit records, it just controls whether it
+ tells the kernel to generate them. This means if another tool turns on auditing even if
+ <command>systemd-journald</command> left it off, it will still collect the generated
+- messages. Defaults to on.</para></listitem>
++ messages.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 5865bf9809..163be685a8 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2208,7 +2208,7 @@ int server_init(Server *s, const char *namespace) {
+ .compress.threshold_bytes = (uint64_t) -1,
+ .seal = true,
+
+- .set_audit = true,
++ .set_audit = -1,
+
+ .watchdog_usec = USEC_INFINITY,
+
+--
+2.28.0
+
diff --git a/sys-apps/systemd/systemd-245.7.ebuild b/sys-apps/systemd/systemd-245.7-r1.ebuild
index 586484176c79..3da9bb72e33c 100644
--- a/sys-apps/systemd/systemd-245.7.ebuild
+++ b/sys-apps/systemd/systemd-245.7-r1.ebuild
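Review bot: The `man/journald.conf.xml` hunk deletes "Defaults to on." and puts nothing in its place, so the page no longer says what happens when the option is left unset, while `server_init` now initialises `.set_audit = -1`. Going by the patch subject, -1 presumably means journald leaves the kernel audit state as it finds it; the man page should state that, for example `messages. Defaults to leaving the kernel audit setting unchanged.</para></listitem>`. A short comment on the initialiser, such as `/* -1: neither enable nor disable kernel auditing */`, would keep the sentinel from being read as a boolean. Both inner hunks show only part of their enclosing element and function.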
@@ -207,6 +207,7 @@ src_prepare() {
 PATCHES+=(
 "${FILESDIR}/gentoo-generator-path-r1.patch"
 "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
 )
 fi
diff --git a/sys-apps/systemd/systemd-246.ebuild b/sys-apps/systemd/systemd-246-r1.ebuild
index 5097bffb2ddd..a3cf9676ba5f 100644
--- a/sys-apps/systemd/systemd-246.ebuild
+++ b/sys-apps/systemd/systemd-246-r1.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
 PATCHES+=(
 "${FILESDIR}/gentoo-generator-path-r2.patch"
 "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
 )
 fi
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 5097bffb2ddd..a3cf9676ba5f 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
 PATCHES+=(
 "${FILESDIR}/gentoo-generator-path-r2.patch"
 "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+ "${FILESDIR}/gentoo-journald-audit.patch"
 )
 fi
|
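Review bot: Nothing in this `src_prepare` hunk, or in the identical 246-r1 and 9999 hunks, tells the administrator that the patched journald stops switching kernel auditing on, so a host that relied on that default would stop producing audit records after the upgrade with no visible error. If the ebuilds do not already print a notice outside these hunks, a post-install message would cover it, e.g. `elog "systemd-journald no longer enables kernel auditing by default; set Audit=yes in journald.conf or run an audit daemon if audit records are required."`. The 9999 hunk also applies a fixed-context patch to a live checkout, which may stop applying once upstream touches `server_init`; a comment next to that PATCHES entry would make the failure easier to diagnose. The body of `src_prepare` continues outside all three hunks.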