Am 28.03.2014 06:25, schrieb Connor Behan:
On 27/03/14 08:24 AM, thomas@archlinux.org wrote:
Am 27.03.2014 09:52, schrieb Connor Behan:
Am 26.03.2014 20:08, schrieb Dave Reisner:
Looks like audit is still built into our kernel. Wasn't this meant to be reverted as well? Forgot about that. That was pulled in by AppArmor or so. Wasn't it pulled in by http://bugs.archlinux.org/task/12584 and the fact
On 27/03/14 01:07 AM, thomas@archlinux.org wrote: that community/audit came out shortly after? No, it was pulled in accidentally as a dependency of AppArmor. I doubt that. AppArmor was enabled a year and a half after audit was.
Yeah, that was incorrect in my memory. It was actually SELinux that pulled it in.
If we actually want audit, we should support it as well. Our systemd package is compiled with -AUDIT for example.
Since audit is one of those "enabled unless the user intervenes" option that also does annoying things, I would like to get rid of it in our kernel. It is supported if you count [community] packages. I'll ask on the LKML if anything can be done about the logging.
It's not about logging, it's about being enabled by default when it is supported by the kernel. There's no "disable audit by default" switch.