Re: [arch-dev-public] Trimming down our default kernel configuration
Am 26.03.2014 20:08, schrieb Dave Reisner:
Looks like audit is still built into our kernel. Wasn't this meant to be reverted as well? Forgot about that. That was pulled in by AppArmor or so. Wasn't it pulled in by http://bugs.archlinux.org/task/12584 and the fact
On 27/03/14 01:07 AM, thomas@archlinux.org wrote: that community/audit came out shortly after?
On Thu, Mar 27, 2014 at 9:52 AM, Connor Behan <connor.behan@gmail.com>wrote:
Am 26.03.2014 20:08, schrieb Dave Reisner:
Looks like audit is still built into our kernel. Wasn't this meant to be reverted as well? Forgot about that. That was pulled in by AppArmor or so. Wasn't it pulled in by http://bugs.archlinux.org/task/12584 and the fact
On 27/03/14 01:07 AM, thomas@archlinux.org wrote: that community/audit came out shortly after?
I didn't know when it was added in the kernel or why, but I find it useful and would appreciate it being kept in (that's why I maintain community/audit).
On 27.03.2014 10:08, Massimiliano Torromeo wrote:
I didn't know when it was added in the kernel or why, but I find it useful and would appreciate it being kept in (that's why I maintain community/audit).
If it wouldn't log all kinds of new session stuff (I guess those are all ssh logins) to dmesg even if you don't use auditd. So far the only way I found to get rid of all those messages is to either install and start auditd and disable then audit or to add audit=0 or something to the kernel line. I don't like either. If it could be enabled but default to not logging anything I'd be happy.
Am 27.03.2014 09:52, schrieb Connor Behan:
Am 26.03.2014 20:08, schrieb Dave Reisner:
Looks like audit is still built into our kernel. Wasn't this meant to be reverted as well? Forgot about that. That was pulled in by AppArmor or so. Wasn't it pulled in by http://bugs.archlinux.org/task/12584 and the fact
On 27/03/14 01:07 AM, thomas@archlinux.org wrote: that community/audit came out shortly after?
No, it was pulled in accidentally as a dependency of AppArmor. If we actually want audit, we should support it as well. Our systemd package is compiled with -AUDIT for example. Since audit is one of those "enabled unless the user intervenes" option that also does annoying things, I would like to get rid of it in our kernel.
participants (4)
-
Connor Behan
-
Florian Pritz
-
Massimiliano Torromeo
-
Thomas Bächler