1 |
On Tue, Oct 06, 2015 at 08:58:48PM +0300, Andrew Savchenko wrote: |
2 |
> Hi, |
3 |
> |
4 |
> On Tue, 6 Oct 2015 17:32:07 +0100 Markos Chandras wrote: |
5 |
> > Hi, |
6 |
> > |
7 |
> > The following packages currently use the 'audit' local useflag |
8 |
> > |
9 |
> > ~$ qgrep -N -s -l -e "^IUSE.*audit" | sed "s@-[0-9].*@@" | sort -n | uniq |
10 |
> > |
11 |
> > app-emulation/libvirt |
12 |
> > app-forensics/aide |
13 |
> > dev-util/perf |
14 |
> > gnome-base/gdm |
15 |
> > net-dns/opendnssec |
16 |
> > sys-apps/openrc |
17 |
> > sys-apps/policycoreutils |
18 |
> > sys-apps/shadow |
19 |
> > sys-apps/systemd |
20 |
> > sys-freebsd/freebsd-ubin |
21 |
> > sys-freebsd/freebsd-usbin |
22 |
> > sys-libs/pam |
23 |
> > |
24 |
> > (+ lightdm which I just committed) |
25 |
> > |
26 |
> > How about making it global with the following description? |
27 |
> |
28 |
> Audit support != sys-process/audit support. |
29 |
> |
30 |
> 1) sys-freebsd/us?bin packages does not depend on the audit |
31 |
> package. This flag controls their own auditing tools. |
32 |
> |
33 |
> 2) net-dns/opendnssec uses this flag to build auditing tools (and |
34 |
> doesn't depend on the audit package). |
35 |
> |
36 |
> 3) sys-apps/policycoreutils implies more than dependency on the |
37 |
> audit package: |
38 |
> Enable support for <pkg>sys-process/audit</pkg> and use the audit_* |
39 |
> functions (like audit_getuid instead of getuid()) |
40 |
|
41 |
+1 for making it global. policycoreutils support is very much linked to |
42 |
sys-process/audit. SELinux heavily relies on audit stuff. The |
43 |
description is actually wrong, it uses audit_getloginuid() instead of |
44 |
getuid(). I will fix it. OpenRC also uses that call (only effective when |
45 |
selinux is enabled tho) so I will fix that description too. |
46 |
|
47 |
But again, these are just local additions which do not in any way |
48 |
conflict with the global one you are proposing. |
49 |
> |
50 |
> > "Enable support for <pkg>sys-process/audit</pkg>" |
51 |
> > |
52 |
> > which is similar to what most packages use? |
53 |
> |
54 |
> Best regards, |
55 |
> Andrew Savchenko |