Rational behind RefuseManualStop=yes in auditd.service
Tony Jones
tonyj at suse.de
Wed Dec 18 21:16:11 UTC 2013
On 12/18/2013 01:07 PM, Tony Jones wrote:
> On 12/18/2013 12:38 PM, Eric Paris wrote:
>
>> He made the change in the upstream repo, because that's what you need
>> for certification purposes. Personally, I hate it, cause i don't give a
>> hoot about that and would rather things to be consistent, but that's the
>> rational. A certifiable audit needs what he has in the repo. If we
>> ever get all of the credential data available to systemd it can be
>> reverted...
>
> This doesn't really make a lot of sense as a certifiable audit presumably also needs the local Fedora specific changes to systemd, which are not in the upstream systemd repo. So I'd have thought the Fedora specific audit package was a perfectly suitable location for the audit changes rather than the main audit svn repo.
OIC, you were talking purely of the addition of the RefuseManualStop=yes, Sorry, I was talking more about the presence of utility scripts in the svn repo that are Fedora specific since they rely on Fedora systemd extensions.
Anyhow, as I said, not a big deal. Thanks for reply.
More information about the Linux-audit
mailing list