[systemd-devel] audit paranoia breaks tests

Lennart Poettering lennart at poettering.net
Fri May 3 05:16:56 PDT 2013


On Fri, 03.05.13 04:51, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> Hm, one of our tests fails because /usr/lib/systemd/system/auditd.service
> is -rw-r-----. That's crazy. Do we fight it, or work around it?

I'd say fight it. After all this is just annoying and little else since
the parsed information is publically accessible anyway on the bus.

I figure we should try to get the fedora packaging guidelines updated to
say that root:root 664 is the right access mode, and then add checks to
both rpmlint and possibly systemd itself to verify this (though probably
not enforce 664, but at least 444 or so, and no +x bits). 

Currently I see tons of files in /usr/lib/systemd marked +x. This is as
bogus as making them inaccessible, and we should get that fixed.

I have added this to the todo list for now.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.


More information about the systemd-devel mailing list