[arch-dev-public] perf-trace missing due to a dependency on libaudit

[Daniel Micay]

On 07/05/14 05:28 AM, Connor Behan wrote:
> On 07/05/14 01:07 AM, Daniel Micay wrote:
>> Sadly, the `perf trace` command has a dependency on libaudit for a few
>> convenience functions. I'm curious about what people feel the best
>> approach would be here... adding back audit to [community] is ugly since
>> it's not going to work, but building it and statically linking it in the
>> linux-tools package is overly complex.
>>
>> The lesser evil seems to be adding only a libaudit package... but it's
>> still not going to work if someone tries to use it for what it's
>> intended to do. I'll probably go with this if there's no saner idea.
> Why not enable audit in your linux-grsec package? Then you can make
> linux-grsec an optional dependency of the audit userspace tools for
> people who want to use more than just the convenience functions. I still
> have an occasional use for audit and the overhead it adds to the kernel
> is negligible compared to grsecurity itself.

I don't really want to deviate from the [core] kernel on any of the
non-grsecurity-related options, and CONFIG_AUDIT is only tangentially
related. It's also not required for perf-trace (only libaudit is). I'll
consider it and might change my mind though.

The grsecurity auditing has sysctl switches to turn it all off, so it
doesn't cause the log "spam" problem people dislike. The only default
logging is when policies are actually violated and processes get killed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140507/db792948/attachment.asc>