I have my kernel .config set to CONFIG_AUDIT=n because I wanted to play with containers and systemd-212 README states:

---
Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make sure to either turn off auditing at runtime using the kernel command line option "audit=0", or turn it off at kernel compile time using:

CONFIG_AUDIT=n
---

But there is a warning popping up from the ebuild saying I should set it to yes. Perhaps the warning was outdated? Or the upstream systemd README is outdated?
Well, CONFIG_AUDITSYSCALL=y is required for /proc/<pid>/sessionid, and sessionid is used by the pam_systemd.so module when not using a display manager, i.e. for tracking the user from text login -> to console -> to startx -> to X11.

This dependency is inherited from sys-auth/consolekit, which uses the same thing for pam_ck_connector.so.

So, unless pam_systemd.so has evolved in a way that sessionid is no longer required in /proc, it is still required.

Last time I brought this up with the systemd upstream maintainer, he said he considers it optional because it's only used by logind, and only when not using a "proper" display manager, and even then there were some cases where it works (can't remember how).

I guess it's easy to test and verify, if the user is seen as 'active user' by logind, even without audit support in the kernel, when using text login & startx, ...
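The check suggested in the comment above can be scripted; this is an added example, not part of the original bug thread. The function names and the `--live` switch are made up for the illustration; `/proc/self/sessionid`, `XDG_SESSION_ID` and `loginctl show-session -p` are the existing interfaces it reads.

```shell
#!/bin/sh
# Added example: is the audit session id from /proc available, and does
# logind still see this login as an active session?

UNSET_ID=4294967295   # (u32)-1: kernel value when no audit session id was set

# classify_sessionid VALUE -> missing | unset | invalid | set
# VALUE is the content of /proc/<pid>/sessionid, or "" if the file is absent
# (per the comment above, the file needs CONFIG_AUDITSYSCALL=y).
classify_sessionid() {
    case "$1" in
        "")          echo missing ;;
        "$UNSET_ID") echo unset ;;     # audit present, no id assigned at login
        *[!0-9]*)    echo invalid ;;
        *)           echo set ;;
    esac
}

# logind_prop NAME TEXT -> value of NAME= in "loginctl show-session" output
logind_prop() {
    printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1
}

# verdict SESSIONID_VALUE SHOW_SESSION_TEXT -> one-line summary
verdict() {
    audit=$(classify_sessionid "$1")
    active=$(logind_prop Active "$2")
    state=$(logind_prop State "$2")
    echo "audit_sessionid=$audit logind_active=${active:-unknown} state=${state:-unknown}"
}

# Live check: run with --live from the text login, then again after startx.
if [ "${1:-}" = "--live" ]; then
    sid=""
    if [ -r /proc/self/sessionid ]; then sid=$(cat /proc/self/sessionid); fi
    out=$(loginctl show-session "${XDG_SESSION_ID:-}" -p Active -p State 2>/dev/null || true)
    verdict "$sid" "$out"
fi
```

On a kernel without audit support, `audit_sessionid=missing` together with `logind_active=yes` is the result that would show the session is tracked without `/proc/<pid>/sessionid`.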
#gentoo-systemd from today,

09:55 < grawity> though latest logind releases do not require that anymore (Arch turned off CONFIG_AUDIT completely a month ago); it gets all information from cgroups of the process

So it seems CONFIG_AUDITSYSCALL check should be removed from at least >=sys-apps/systemd-213 and this bug be closed with it
That also means that some arches that have USE="pam" *use.masked in their profiles because of missing CONFIG_AUDITSYSCALL, can now be unmasked:

arch/mips/package.use.mask:sys-apps/systemd pam
arch/alpha/package.use.mask:sys-apps/systemd pam

Those entries can be removed then too
+ 11 Jun 2014; Mike Gilbert <floppym@gentoo.org> systemd-213.ebuild, + systemd-9999.ebuild: + Drop CONFIG_AUDITSYSCALL check, bug 506418.