Rational behind RefuseManualStop=yes in auditd.service
Tony Jones
tonyj at suse.de
Tue Dec 3 20:16:15 UTC 2013
On 07/30/2013 01:25 PM, Steve Grubb wrote:
> On Tuesday, July 30, 2013 10:04:46 PM Laurent Bigonville wrote:
>> Hi,
>>
>> I would like to know the rational behind RefuseManualStop=yes in
>> auditd.service file.
>
> The short term "fix" is to force admins to use the service command which loads
> legacy helper scripts which are pulled from the old SysV init script. It sends
> signals in the user's context so that the auid is correct.
You mean this? https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
The problem is that (I believe) this feature isn't in upstream systemd, rather it's Fedora specific.
> If you don't need to meet common criteria requirements, then patch it out so its the way you like it.
If I'm correct and the above is Fedora specific, I would have thought the better option was to not use such extensions in the audit svn codebase; rather patch them *in* via the Fedora rpms. Or make it configure tuneable.
Tony
More information about the Linux-audit
mailing list