On 19/04/14 06:23 PM, Tom Gundersen wrote: > On Sat, Apr 19, 2014 at 11:58 PM, Daniel Micay <[email protected]> wrote: >> On 19/04/14 05:25 PM, Tom Gundersen wrote: >>> >>> In short, work on grsec if you want, but please let's not use that as >>> an excuse to discourage people from working on similar features for >>> the main kernel. >> >> For example, if someone opens a bug asking to enable CONFIG_AUDIT again, >> will it really be accepted? The workaround for containers landed in systemd. >> >> http://cgit.freedesktop.org/systemd/systemd/commit/?id=24fb111 > > That is clearly not an acceptable long-term solution. As far as I know > audit is being fixed upstream to make this temporary work-around > unnecessary. > > -t
It's enough for CONFIG_AUDIT to be enabled in our kernel without breaking containers. It's not enough to have it work in containers, but it's already not working in containers today because it was disabled.
signature.asc
Description: OpenPGP digital signature
