| 1 |
On Tue, Oct 06, 2015 at 08:58:48PM +0300, Andrew Savchenko wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> On Tue, 6 Oct 2015 17:32:07 +0100 Markos Chandras wrote: |
| 5 |
> > Hi, |
| 6 |
> > |
| 7 |
> > The following packages currently use the 'audit' local useflag |
| 8 |
> > |
| 9 |
> > ~$ qgrep -N -s -l -e "^IUSE.*audit" | sed "s@-[0-9].*@@" | sort -n | uniq |
| 10 |
> > |
| 11 |
> > app-emulation/libvirt |
| 12 |
> > app-forensics/aide |
| 13 |
> > dev-util/perf |
| 14 |
> > gnome-base/gdm |
| 15 |
> > net-dns/opendnssec |
| 16 |
> > sys-apps/openrc |
| 17 |
> > sys-apps/policycoreutils |
| 18 |
> > sys-apps/shadow |
| 19 |
> > sys-apps/systemd |
| 20 |
> > sys-freebsd/freebsd-ubin |
| 21 |
> > sys-freebsd/freebsd-usbin |
| 22 |
> > sys-libs/pam |
| 23 |
> > |
| 24 |
> > (+ lightdm which I just committed) |
| 25 |
> > |
| 26 |
> > How about making it global with the following description? |
| 27 |
> |
| 28 |
> Audit support != sys-process/audit support. |
| 29 |
> |
| 30 |
> 1) sys-freebsd/us?bin packages does not depend on the audit |
| 31 |
> package. This flag controls their own auditing tools. |
| 32 |
> |
| 33 |
> 2) net-dns/opendnssec uses this flag to build auditing tools (and |
| 34 |
> doesn't depend on the audit package). |
| 35 |
> |
| 36 |
> 3) sys-apps/policycoreutils implies more than dependency on the |
| 37 |
> audit package: |
| 38 |
> Enable support for <pkg>sys-process/audit</pkg> and use the audit_* |
| 39 |
> functions (like audit_getuid instead of getuid()) |
| 40 |
|
| 41 |
+1 for making it global. policycoreutils support is very much linked to |
| 42 |
sys-process/audit. SELinux heavily relies on audit stuff. The |
| 43 |
description is actually wrong, it uses audit_getloginuid() instead of |
| 44 |
getuid(). I will fix it. OpenRC also uses that call (only effective when |
| 45 |
selinux is enabled tho) so I will fix that description too. |
| 46 |
|
| 47 |
But again, these are just local additions which do not in any way |
| 48 |
conflict with the global one you are proposing. |
| 49 |
> |
| 50 |
> > "Enable support for <pkg>sys-process/audit</pkg>" |
| 51 |
> > |
| 52 |
> > which is similar to what most packages use? |
| 53 |
> |
| 54 |
> Best regards, |
| 55 |
> Andrew Savchenko |
Archives