[systemd-devel] [PATCH] core: check system call auditing is enabled

Kok, Auke-jan H auke-jan.h.kok at intel.com
Tue Feb 19 12:06:37 PST 2013

On Tue, Feb 19, 2013 at 11:29 AM, Jon Masters <jonathan at jonmasters.org> wrote:
> From: Jon Masters <jcm at jonmasters.org>
> Systemd relies upon CONFIG_AUDITSYSCALL support being present in the kernel.
> This is because systemd-logind calls audit_session_from_pid, which uses
> /proc/self/sessionid to determine whether an existing session is being
> replaced as part of e.g. a call to sudo, pkexec, or similar. Without
> support for system call auditing, these commands will silently fail as
> their session is killed immediately after it is created by systemd.
> For now, add a check after the existing cgroups test, but in the future
> these functions should all move into a generic check_kconfig function
> that tests all of the configured kernel options, including these for
> compliance with the evolving base platform requirements of systemd.
> Signed-off-by: Jon Masters <jcm at jonmasters.org>


The security folks here really dislike CONFIG_AUDIT* as (I understand
from them) it potentially leaks confidential information... This
message now comes out rather blunt to those folks who wish to disable
it... I'm not sure I'll appreciate the console spam from this message.

Is this really necessary?


More information about the systemd-devel mailing list