From: "Mike Gilbert"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert"
Message-ID: <1598061345.3f7665c563412f6cdd8a4ba4bc918ecc2b983d08.floppym@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/files/, sys-apps/systemd/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/systemd/files/gentoo-journald-audit.patch sys-apps/systemd/systemd-245.7-r1.ebuild sys-apps/systemd/systemd-245.7.ebuild sys-apps/systemd/systemd-246-r1.ebuild sys-apps/systemd/systemd-246.ebuild sys-apps/systemd/systemd-9999.ebuild
X-VCS-Directories: sys-apps/systemd/ sys-apps/systemd/files/
X-VCS-Committer: floppym
X-VCS-Committer-Name: Mike Gilbert
X-VCS-Revision: 3f7665c563412f6cdd8a4ba4bc918ecc2b983d08
X-VCS-Branch: master
Date: Sat, 22 Aug 2020 01:56:52 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 3749c70d-0190-4945-b4a4-2a74ffc3585a
X-Archives-Hash: 3a66dd3cd147b1edc75288ec1bb5db9e

commit:     3f7665c563412f6cdd8a4ba4bc918ecc2b983d08
Author:     Mike Gilbert gentoo org>
AuthorDate: Sat Aug 22 01:43:09 2020 +0000
Commit:     Mike Gilbert gentoo org>
CommitDate: Sat Aug 22 01:55:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f7665c5

sys-apps/systemd: do not change the kernel audit setting by default

Closes: https://bugs.gentoo.org/736910
Signed-off-by: Mike Gilbert gentoo.org>

 sys-apps/systemd/files/gentoo-journald-audit.patch | 40 ++++++++++++++++++++++
 ...ystemd-245.7.ebuild => systemd-245.7-r1.ebuild} |  1 +
 .../{systemd-246.ebuild => systemd-246-r1.ebuild}  |  1 +
 sys-apps/systemd/systemd-9999.ebuild               |  1 +
 4 files changed, 43 insertions(+)

diff --git a/sys-apps/systemd/files/gentoo-journald-audit.patch b/sys-apps/systemd/files/gentoo-journald-audit.patch new file mode 100644 index 00000000000..088bceb7696 --- /dev/null +++ b/sys-apps/systemd/files/gentoo-journald-audit.patch @@ -0,0 +1,40 @@ +From 593db1c78011ddce551051ce17eda6feac079b3d Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Fri, 21 Aug 2020 13:16:17 -0400 +Subject: [PATCH] journald: do not change the kernel audit setting by default + +Bug: https://bugs.gentoo.org/736910 +--- + man/journald.conf.xml | 2 +- + src/journal/journald-server.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index bfd359a903..7e93d4050e 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -411,7 +411,7 @@ + systemd-journald collects generated audit records, it just controls whether it + tells the kernel to generate them. This means if another tool turns on auditing even if + systemd-journald left it off, it will still collect the generated +- messages. Defaults to on. ++ messages. + + + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 5865bf9809..163be685a8 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -2208,7 +2208,7 @@ int server_init(Server *s, const char *namespace) { + .compress.threshold_bytes = (uint64_t) -1, + .seal = true, + +- .set_audit = true, ++ .set_audit = -1, + + .watchdog_usec = USEC_INFINITY, + +-- +2.28.0 + diff --git a/sys-apps/systemd/systemd-245.7.ebuild b/sys-apps/systemd/systemd-245.7-r1.ebuild similarity index 99% rename from sys-apps/systemd/systemd-245.7.ebuild rename to sys-apps/systemd/systemd-245.7-r1.ebuild index 586484176c7..3da9bb72e33 100644 --- a/sys-apps/systemd/systemd-245.7.ebuild +++ b/sys-apps/systemd/systemd-245.7-r1.ebuild 
@@ -207,6 +207,7 @@ src_prepare() { PATCHES+=( "${FILESDIR}/gentoo-generator-path-r1.patch" "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch" + "${FILESDIR}/gentoo-journald-audit.patch" ) fi diff --git a/sys-apps/systemd/systemd-246.ebuild b/sys-apps/systemd/systemd-246-r1.ebuild similarity index 99% rename from sys-apps/systemd/systemd-246.ebuild rename to sys-apps/systemd/systemd-246-r1.ebuild index 5097bffb2dd..a3cf9676ba5 100644 --- a/sys-apps/systemd/systemd-246.ebuild +++ b/sys-apps/systemd/systemd-246-r1.ebuild @@ -207,6 +207,7 @@ src_prepare() { PATCHES+=( "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch" + "${FILESDIR}/gentoo-journald-audit.patch" ) fi diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 5097bffb2dd..a3cf9676ba5 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild @@ -207,6 +207,7 @@ src_prepare() { PATCHES+=( "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch" + "${FILESDIR}/gentoo-journald-audit.patch" ) fi
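
Review bot: in the man/journald.conf.xml hunk, dropping "Defaults to on." leaves this option with no documented default at all. Since the point of the patch is that journald no longer changes the kernel audit setting by default, replace the removed sentence with one saying that when the option is unset the kernel's audit setting is left as it is. Anyone who relied on the old default to get audit records generated needs that sentence to learn they must now set the option explicitly.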
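
Review bot: in the src/journal/journald-server.c hunk, `.set_audit = -1` only means "leave the kernel setting alone" if `set_audit` is a signed tristate and the code that applies it skips the call for negative values; neither the field's declaration nor its consumer appears in this patch. Please confirm both against every systemd version the patch is applied to (245.7, 246 and 9999), because if the field is a `bool` in any of them, -1 converts to true and the default silently stays on. A short comment next to the initializer saying that a negative value means unchanged would also help the next reader.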
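
Review bot: in the systemd-245.7-r1.ebuild hunk (and identically in systemd-246-r1.ebuild), the new "${FILESDIR}/gentoo-journald-audit.patch" entry changes a runtime default on upgrade, yet nothing in the ebuild changes shown here tells the user. Hosts that depended on journald switching kernel auditing on will stop generating audit records after the revision bump unless another tool turns auditing on, so consider an upgrade message or news item. The entry also sits in a PATCHES+=( ) block closed by `fi`, so it applies only under a condition not visible in the hunk; the commit message should say which configurations keep the upstream default.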
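
Review bot: in the systemd-9999.ebuild hunk, the same patch file is applied to the live ebuild, and its journald-server.c hunk is pinned to context around line 2208 of server_init(). That context will drift as upstream moves, and the man page hunk touches a sentence upstream may reword, so the live build will be the first place this stops applying. Consider a separate copy of the patch for 9999, or note how it is expected to be refreshed.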