From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1675044728.b32b4a57937ab2539b761226ff67dece6e7f5558.floppym@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/files/, sys-apps/systemd/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/systemd/files/gentoo-journald-audit-r1.patch sys-apps/systemd/systemd-9999.ebuild X-VCS-Directories: sys-apps/systemd/files/ sys-apps/systemd/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: b32b4a57937ab2539b761226ff67dece6e7f5558 X-VCS-Branch: master Date: Mon, 30 Jan 2023 02:14:05 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: c9eb3bde-99da-4a25-b5c6-e8f4e2f0a1cf X-Archives-Hash: 9221ff0f50ad12d6affc5be2b39015eb commit: b32b4a57937ab2539b761226ff67dece6e7f5558 Author: Mike Gilbert gentoo org> AuthorDate: Mon Jan 30 02:07:22 2023 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Mon Jan 30 02:12:08 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b32b4a57 sys-apps/systemd: update journald-audit patch Signed-off-by: Mike Gilbert gentoo.org> .../systemd/files/gentoo-journald-audit-r1.patch | 51 ++++++++++++++++++++++ sys-apps/systemd/systemd-9999.ebuild | 2 +- 2 files changed, 52 insertions(+), 1 deletion(-) diff --git a/sys-apps/systemd/files/gentoo-journald-audit-r1.patch b/sys-apps/systemd/files/gentoo-journald-audit-r1.patch new file mode 100644 index 000000000000..b5c32df788e9 --- /dev/null +++ b/sys-apps/systemd/files/gentoo-journald-audit-r1.patch 
@@ -0,0 +1,51 @@ +From 2de502ccff1cc780d9d29c4ff7e6c1e0f2d7a082 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Fri, 21 Aug 2020 13:16:17 -0400 +Subject: [PATCH] journald: do not change the kernel audit setting by default + +Bug: https://bugs.gentoo.org/736910 +--- + man/journald.conf.xml | 2 +- + src/journal/journald-server.c | 2 +- + src/journal/journald.conf | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index 50c33e4792..2e14674f42 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -427,7 +427,7 @@ + kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor + disable it, leaving the previous state unchanged. This means if another tool turns on auditing even + if systemd-journald left it off, it will still collect the generated +- messages. Defaults to on. ++ messages. + + Note that this option does not control whether systemd-journald collects + generated audit records, it just controls whether it tells the kernel to generate them. If you need +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 022e12d83d..6b3d261af6 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -2367,7 +2367,7 @@ int server_init(Server *s, const char *namespace) { + .compress.threshold_bytes = UINT64_MAX, + .seal = true, + +- .set_audit = true, ++ .set_audit = -1, + + .watchdog_usec = USEC_INFINITY, + +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 5a60a9d39c..64156d5463 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -44,4 +44,4 @@ + #MaxLevelWall=emerg + #LineMax=48K + #ReadKMsg=yes +-#Audit=yes ++#Audit= +-- +2.39.1 + diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 39a2452355b2..ea3aabd5a42f 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild 
@@ -237,7 +237,7 @@ src_prepare() { PATCHES+=( "${FILESDIR}/gentoo-generator-path-r2.patch" "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch" - "${FILESDIR}/gentoo-journald-audit.patch" + "${FILESDIR}/gentoo-journald-audit-r1.patch" ) fi
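Review bot: In the src/journal/journald-server.c hunk, `.set_audit = -1,` only works if the field is a tristate int, and its declaration is not in any of the three files this patch touches. If the field were still a bool in the target tree, -1 would evaluate as true and journald would keep enabling kernel auditing. Worth confirming the type in the tree the patch applies to, and adding a short comment on that line saying -1 means unset, matching the man page wording "If unset it will neither enable nor disable it".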
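Review bot: The man/journald.conf.xml hunk removes "Defaults to on." without stating the new default, so the paragraph now ends at "messages." and the reader has to infer from `#Audit=` in journald.conf that unset is what ships. Suggest replacing the removed sentence with an explicit statement that the default is unset. With this patch the kernel audit state stays as journald found it, so a host that relied on journald to switch auditing on needs Audit=yes set explicitly or another tool enabling it.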
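Review bot: In the systemd-9999.ebuild hunk the PATCHES entry moves to gentoo-journald-audit-r1.patch, but that file arrives as a whole new file (new file mode, 51 insertions), so what changed relative to gentoo-journald-audit.patch cannot be seen from this commit, and the message "update journald-audit patch" does not say. A line in the commit message stating what differs in -r1 would make the revision reviewable.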