On Tue, Feb 19, 2013 at 9:06 PM, Kok, Auke-jan H <auke-jan.h....@intel.com> wrote: > On Tue, Feb 19, 2013 at 11:29 AM, Jon Masters <jonat...@jonmasters.org> wrote: >> From: Jon Masters <j...@jonmasters.org> >> >> Systemd relies upon CONFIG_AUDITSYSCALL support being present in the kernel. >> This is because systemd-logind calls audit_session_from_pid, which uses >> /proc/self/sessionid to determine whether an existing session is being >> replaced as part of e.g. a call to sudo, pkexec, or similar. Without >> support for system call auditing, these commands will silently fail as >> their session is killed immediately after it is created by systemd. >> >> For now, add a check after the existing cgroups test, but in the future >> these functions should all move into a generic check_kconfig function >> that tests all of the configured kernel options, including these for >> compliance with the evolving base platform requirements of systemd. >> >> Signed-off-by: Jon Masters <j...@jonmasters.org> > > Hmmm > > The security folks here really dislike CONFIG_AUDIT* as (I understand > from them) it potentially leaks confidential information... This > message now comes out rather blunt to those folks who wish to disable > it... I'm not sure I'll appreciate the console spam from this message. > > Is this really necessary?
Systemd is supposed to work just fine without any audit stuff. The issue is a more a bug in systemd that should be fixed, not audit be required. Kay _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
