On 19/04/14 06:23 PM, Tom Gundersen wrote:
> On Sat, Apr 19, 2014 at 11:58 PM, Daniel Micay <danielmicay@gmail.com> wrote:
>> On 19/04/14 05:25 PM, Tom Gundersen wrote:
>>> In short, work on grsec if you want, but please let's not use that as an excuse to discourage people from working on similar features for the main kernel.
>>
>> For example, if someone opens a bug asking to enable CONFIG_AUDIT again, will it really be accepted? The workaround for containers landed in systemd.
>>
>> http://cgit.freedesktop.org/systemd/systemd/commit/?id=24fb111
>
> That is clearly not an acceptable long-term solution. As far as I know audit is being fixed upstream to make this temporary work-around unnecessary.
>
> -t

It's enough for CONFIG_AUDIT to be enabled in our kernel without breaking containers. It's not enough to have it work in containers, but it's already not working in containers today because it was disabled.