On 07/05/14 05:28 AM, Connor Behan wrote:
Sadly, the `perf trace` command has a dependency on libaudit for a few convenience functions. I'm curious about what people feel the best approach would be here... adding back audit to [community] is ugly since it's not going to work, but building it and statically linking it in the linux-tools package is overly complex.
The lesser evil seems to be adding only a libaudit package... but it's still not going to work if someone tries to use it for what it's intended to do. I'll probably go with this if there's no saner idea. Why not enable audit in your linux-grsec package? Then you can make
On 07/05/14 01:07 AM, Daniel Micay wrote: linux-grsec an optional dependency of the audit userspace tools for people who want to use more than just the convenience functions. I still have an occasional use for audit and the overhead it adds to the kernel is negligible compared to grsecurity itself.
RBAC also allows quite a bit of auditing with the grsecurity audit infrastructure. You can audit attempts to make use of a certain path, capability, IP protocol, etc. Of course, this assumes you have a basic working RBAC policy for tacking on allowed + audited policies or disallowed + audited policies. So CONFIG_AUDIT=Y is a lot less useful.