commit:     3f7665c563412f6cdd8a4ba4bc918ecc2b983d08
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 22 01:43:09 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Aug 22 01:55:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f7665c5

sys-apps/systemd: do not change the kernel audit setting by default

Closes: https://bugs.gentoo.org/736910
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-apps/systemd/files/gentoo-journald-audit.patch | 40 ++++++++++++++++++++++
 ...ystemd-245.7.ebuild => systemd-245.7-r1.ebuild} |  1 +
 .../{systemd-246.ebuild => systemd-246-r1.ebuild}  |  1 +
 sys-apps/systemd/systemd-9999.ebuild               |  1 +
 4 files changed, 43 insertions(+)

diff --git a/sys-apps/systemd/files/gentoo-journald-audit.patch 
b/sys-apps/systemd/files/gentoo-journald-audit.patch
new file mode 100644
index 00000000000..088bceb7696
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-journald-audit.patch
@@ -0,0 +1,40 @@
+From 593db1c78011ddce551051ce17eda6feac079b3d Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <flop...@gentoo.org>
+Date: Fri, 21 Aug 2020 13:16:17 -0400
+Subject: [PATCH] journald: do not change the kernel audit setting by default
+
+Bug: https://bugs.gentoo.org/736910
+---
+ man/journald.conf.xml         | 2 +-
+ src/journal/journald-server.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index bfd359a903..7e93d4050e 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -411,7 +411,7 @@
+         <command>systemd-journald</command> collects generated audit records, 
it just controls whether it
+         tells the kernel to generate them. This means if another tool turns 
on auditing even if
+         <command>systemd-journald</command> left it off, it will still 
collect the generated
+-        messages. Defaults to on.</para></listitem>
++        messages.</para></listitem>
+       </varlistentry>
+ 
+       <varlistentry>
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 5865bf9809..163be685a8 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2208,7 +2208,7 @@ int server_init(Server *s, const char *namespace) {
+                 .compress.threshold_bytes = (uint64_t) -1,
+                 .seal = true,
+ 
+-                .set_audit = true,
++                .set_audit = -1,
+ 
+                 .watchdog_usec = USEC_INFINITY,
+ 
+-- 
+2.28.0
+
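Review bot: The `journald.conf.xml` hunk removes "Defaults to on." without saying what the default now is, so the patched manual leaves the behaviour of an unset `Audit=` undocumented; going by the commit subject, `messages. If unset, the kernel audit setting is left unchanged.</para></listitem>` would state it. In the `journald-server.c` hunk, `.set_audit = -1` only means "leave the kernel setting alone" if the field is a signed tristate and its consumer acts only on non-negative values. Neither the declaration nor the consumer is visible here (the body of `server_init` continues outside the hunk), so this is worth confirming against both 245.7 and 246, because a `bool` field would silently convert -1 to true. Hosts that relied on journald to switch auditing on will stop generating audit records after this revision unless auditd or an explicit `Audit=yes` enables it, so an upgrade notice such as an `elog` line in the ebuilds seems warranted.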

diff --git a/sys-apps/systemd/systemd-245.7.ebuild 
b/sys-apps/systemd/systemd-245.7-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-245.7.ebuild
rename to sys-apps/systemd/systemd-245.7-r1.ebuild
index 586484176c7..3da9bb72e33 100644
--- a/sys-apps/systemd/systemd-245.7.ebuild
+++ b/sys-apps/systemd/systemd-245.7-r1.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
                PATCHES+=(
                        "${FILESDIR}/gentoo-generator-path-r1.patch"
                        "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+                       "${FILESDIR}/gentoo-journald-audit.patch"
                )
        fi
 

diff --git a/sys-apps/systemd/systemd-246.ebuild 
b/sys-apps/systemd/systemd-246-r1.ebuild
similarity index 99%
rename from sys-apps/systemd/systemd-246.ebuild
rename to sys-apps/systemd/systemd-246-r1.ebuild
index 5097bffb2dd..a3cf9676ba5 100644
--- a/sys-apps/systemd/systemd-246.ebuild
+++ b/sys-apps/systemd/systemd-246-r1.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
                PATCHES+=(
                        "${FILESDIR}/gentoo-generator-path-r2.patch"
                        "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+                       "${FILESDIR}/gentoo-journald-audit.patch"
                )
        fi
 

diff --git a/sys-apps/systemd/systemd-9999.ebuild 
b/sys-apps/systemd/systemd-9999.ebuild
index 5097bffb2dd..a3cf9676ba5 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -207,6 +207,7 @@ src_prepare() {
                PATCHES+=(
                        "${FILESDIR}/gentoo-generator-path-r2.patch"
                        "${FILESDIR}/gentoo-systemctl-disable-sysv-sync.patch"
+                       "${FILESDIR}/gentoo-journald-audit.patch"
                )
        fi
 
