[systemd-devel] auditd.service and RefuseManualStop

Lennart Poettering lennart at poettering.net
Thu Apr 10 18:14:31 PDT 2014


On Thu, 03.04.14 18:00, Colin Guthrie (gmane at colin.guthr.ie) wrote:

> Alternatively we can do "systemctl kill" in this case prior to uninstall
> and that will work (systemctl kill does not respect RefuseManualStop).

Yeah, this is probably what I'd do.

> Anyway, just wanted to discuss the best approach here. Perhaps the
> upstream unit could be tweaked? Perhaps RefuseManualStop is overkill?

We added RefuseManualStop= justfor this. Don't remember the details
though, why this is a good thing though... Sounds like tpyicial audit
security theatre to me in retrospect...

Steve, what's the precise reason auditd.service makes use of
RefuseManualStop=? 

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list