Re: [arch-dev-public] Trimming down our default kernel configuration
On 27/03/14 08:24 AM, thomas@archlinux.org wrote:
Am 27.03.2014 09:52, schrieb Connor Behan:
Am 26.03.2014 20:08, schrieb Dave Reisner:
Looks like audit is still built into our kernel. Wasn't this meant to be reverted as well? Forgot about that. That was pulled in by AppArmor or so. Wasn't it pulled in by http://bugs.archlinux.org/task/12584 and the fact
On 27/03/14 01:07 AM, thomas@archlinux.org wrote: that community/audit came out shortly after? No, it was pulled in accidentally as a dependency of AppArmor. I doubt that. AppArmor was enabled a year and a half after audit was.
https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/kernel26&id=e46bc1d41848b258a138df26590967dc1e0a3417 https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/kernel26&id=688e0f7508fa943868470e9d6c0dcb12823b06f0
If we actually want audit, we should support it as well. Our systemd package is compiled with -AUDIT for example.
Since audit is one of those "enabled unless the user intervenes" option that also does annoying things, I would like to get rid of it in our kernel. It is supported if you count [community] packages. I'll ask on the LKML if anything can be done about the logging.
Am 28.03.2014 06:25, schrieb Connor Behan:
On 27/03/14 08:24 AM, thomas@archlinux.org wrote:
Am 27.03.2014 09:52, schrieb Connor Behan:
Am 26.03.2014 20:08, schrieb Dave Reisner:
Looks like audit is still built into our kernel. Wasn't this meant to be reverted as well? Forgot about that. That was pulled in by AppArmor or so. Wasn't it pulled in by http://bugs.archlinux.org/task/12584 and the fact
On 27/03/14 01:07 AM, thomas@archlinux.org wrote: that community/audit came out shortly after? No, it was pulled in accidentally as a dependency of AppArmor. I doubt that. AppArmor was enabled a year and a half after audit was.
Yeah, that was incorrect in my memory. It was actually SELinux that pulled it in.
If we actually want audit, we should support it as well. Our systemd package is compiled with -AUDIT for example.
Since audit is one of those "enabled unless the user intervenes" option that also does annoying things, I would like to get rid of it in our kernel. It is supported if you count [community] packages. I'll ask on the LKML if anything can be done about the logging.
It's not about logging, it's about being enabled by default when it is supported by the kernel. There's no "disable audit by default" switch.
On 28.03.2014 06:25, Connor Behan wrote:
[...]
Not sure why, but your last 2 replies to the thread refer to message IDs I don't have (mailman.*.arch-dev-public@archlinux.org) so threading is broken. Are you replying to digest posts?
participants (3)
-
Connor Behan
-
Florian Pritz
-
Thomas Bächler