[systemd-devel] [PATCH] core: check system call auditing is enabled
Lennart Poettering
lennart at poettering.net
Tue Feb 19 17:36:31 PST 2013
On Tue, 19.02.13 15:52, Jon Stanley (jonstanley at gmail.com) wrote:
>
> On Tue, Feb 19, 2013 at 3:06 PM, Kok, Auke-jan H
> <auke-jan.h.kok at intel.com> wrote:
>
> > Is this really necessary?
>
> I second this concern, for entirely different reasons. In certain
> applications, low latency in the kernel is paramount to all else.
> Enabling CONFIG_AUDIT* would seem to fly in the face of this. I really
> want systemd to be able to be used in these applications, but it seems
> to be getting further and further from possible, not closer. Not
> requiring cgroup controllers was a good first step, and here it seems
> we're going backwards and requiring AUDITING!!!!
>
> $0.02
> -Jon
To clarify this: We never required any cgroup controllers, and we never
required audit. And that's not changing.
Right in contrast to what you are suggesting we actually make more and
more optional of systemd. For example, in systemd git PolicyKit is not
only runtime-optional (which it has been for a long time) but now also
compile-time optional. And there's more...
So, yeah, let's just fix the audit issue and that's it.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list