[systemd-devel] auditd.service and RefuseManualStop
Lennart Poettering
lennart at poettering.net
Thu Apr 10 18:14:31 PDT 2014
On Thu, 03.04.14 18:00, Colin Guthrie (gmane at colin.guthr.ie) wrote:
> Alternatively we can do "systemctl kill" in this case prior to uninstall
> and that will work (systemctl kill does not respect RefuseManualStop).
Yeah, this is probably what I'd do.
> Anyway, just wanted to discuss the best approach here. Perhaps the
> upstream unit could be tweaked? Perhaps RefuseManualStop is overkill?
We added RefuseManualStop= justfor this. Don't remember the details
though, why this is a good thing though... Sounds like tpyicial audit
security theatre to me in retrospect...
Steve, what's the precise reason auditd.service makes use of
RefuseManualStop=?
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list