Bug 736910 - sys-apps/systemd-246 enables audit by default
Summary: sys-apps/systemd-246 enables audit by default
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo systemd Team
Reported: 2020-08-12 19:53 UTC by Yaroslav Isakov
Modified: 2020-08-22 01:56 UTC
Description Yaroslav Isakov 2020-08-12 19:53:44 UTC
I've found that audit is enabled on my system after the update to systemd-246. After research, I've found that it is enabled by journald, by default, and can be disabled by Audit=no in journald.conf. It is a regression from Gentoo systemd-245, as previous ebuilds disabled audit using gentoo-Dont-enable-audit-by-default.patch. So, I think that the default behavior should remain the same - audit is not enabled by journald, and only enabled by the user, if needed.
Comment 1 Mike Gilbert gentoo-dev 2020-08-12 20:12:57 UTC
I would prefer not to carry that patch any longer. Is enabling audit by default harmful in some way?
Comment 2 Mike Gilbert gentoo-dev 2020-08-12 20:19:56 UTC
Hmm, the journald man page seems to send conflicting messages:

       Audit=
           Takes a boolean value. If enabled systemd-journal will turn on
           kernel auditing on start-up. If disabled it will turn it off. ***If
           unset*** it will ***neither enable nor disable it***, leaving the previous
           state unchanged. Note that this option does not control whether
           systemd-journald collects generated audit records, it just controls
           whether it tells the kernel to generate them. This means if another
           tool turns on auditing even if systemd-journald left it off, it
           will still collect the generated messages. ***Defaults to on.***


So, how can it be unset, and also default to "on"?

Maybe this warrants an issue upstream?
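
An added example, not part of the bug thread or of systemd: a shell check that resolves the effective Audit= value from journald.conf plus drop-ins and maps it to what journald does to the kernel audit switch at start-up. The function names, the action labels (enable, disable, keep, review) and the sample files are assumptions made for illustration; the build default is passed in because it differs between the upstream 246 man page ("Defaults to on") and the patched Gentoo ebuilds.

```sh
#!/bin/sh
# Added example (not from the bug report): resolve the effective Audit= value.
# Pass config files in the order they are read; the last assignment wins.
effective_audit() {
    awk '
        FNR == 1 { in_journal = 0 }          # each file starts outside any section
        /^[ \t]*[#;]/ { next }               # commented-out defaults do not count
        /^[ \t]*\[/ {                        # section header
            s = $0; gsub(/[ \t]/, "", s)
            in_journal = (s == "[Journal]"); next
        }
        in_journal && /^[ \t]*Audit[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            val = tolower(v); seen = 1
        }
        END {
            if (!seen)                            print "unset"
            else if (val ~ /^(1|yes|true|on)$/)   print "on"
            else if (val ~ /^(0|no|false|off)$/)  print "off"
            else                                  print "invalid:" val
        }
    ' "$@"
}

# audit_action VALUE BUILD_DEFAULT
# BUILD_DEFAULT is what this journald build does when Audit= is unset:
# "enable" for the behaviour reported against 246, "keep" when the kernel
# setting is left alone (hypothetical labels).
audit_action() {
    case "$1" in
        on)    echo "enable" ;;
        off)   echo "disable" ;;
        unset) echo "$2" ;;
        *)     echo "review" ;;   # unparsable value: inspect by hand
    esac
}

# Constructed sample files: a stock config plus a local drop-in.
demo() {
    d=$(mktemp -d) || return 1
    printf '[Journal]\n#Audit=yes\nStorage=persistent\n' > "$d/journald.conf"
    printf '[Journal]\nAudit=no\n' > "$d/50-local.conf"
    echo "stock only:   $(audit_action "$(effective_audit "$d/journald.conf")" enable)"
    echo "with drop-in: $(audit_action "$(effective_audit "$d/journald.conf" "$d/50-local.conf")" enable)"
    rm -rf "$d"
}
demo
```

As the quoted man page text says, Audit= only governs what journald tells the kernel; another tool can still turn auditing on, so compare the result with the kernel's live state (for example with `auditctl -s`).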
Comment 3 Yaroslav Isakov 2020-08-13 12:02:33 UTC
Good point, but it will not be fixed in the current version... Anyway, I'll create a bug upstream.
Comment 4 Yaroslav Isakov 2020-08-13 12:08:25 UTC
Here it is: https://github.com/systemd/systemd/issues/16720
Comment 5 Pacho Ramos gentoo-dev 2020-08-21 15:19:34 UTC
I also wondered why my dmesg was so polluted... I disabled it... but I am unsure what advantage upstream sees in keeping it enabled with so much spam. That way it is hard to detect a real error :/
Comment 6 Larry the Git Cow gentoo-dev 2020-08-22 01:56:52 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f7665c563412f6cdd8a4ba4bc918ecc2b983d08

commit 3f7665c563412f6cdd8a4ba4bc918ecc2b983d08
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-08-22 01:43:09 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-08-22 01:55:45 +0000

    sys-apps/systemd: do not change the kernel audit setting by default
    
    Closes: https://bugs.gentoo.org/736910
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/files/gentoo-journald-audit.patch | 40 ++++++++++++++++++++++
 ...ystemd-245.7.ebuild => systemd-245.7-r1.ebuild} |  1 +
 .../{systemd-246.ebuild => systemd-246-r1.ebuild}  |  1 +
 sys-apps/systemd/systemd-9999.ebuild               |  1 +
 4 files changed, 43 insertions(+)