From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tony Jones Subject: Re: Rational behind RefuseManualStop=yes in auditd.service Date: Wed, 18 Dec 2013 13:16:11 -0800 Message-ID: <52B2109B.9070802@suse.de> References: <20130730220446.0dced4f5@fornost.bigon.be> <3276481.Os0RojCrYf@x2> <529E3C0F.8040607@suse.de> <1387399090.29366.22.camel@flatline.rdu.redhat.com> <52B20E89.1050706@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <52B20E89.1050706@suse.de> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Eric Paris Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On 12/18/2013 01:07 PM, Tony Jones wrote: > On 12/18/2013 12:38 PM, Eric Paris wrote: > >> He made the change in the upstream repo, because that's what you need >> for certification purposes. Personally, I hate it, cause i don't give a >> hoot about that and would rather things to be consistent, but that's the >> rational. A certifiable audit needs what he has in the repo. If we >> ever get all of the credential data available to systemd it can be >> reverted... > > This doesn't really make a lot of sense as a certifiable audit presumably also needs the local Fedora specific changes to systemd, which are not in the upstream systemd repo. So I'd have thought the Fedora specific audit package was a perfectly suitable location for the audit changes rather than the main audit svn repo. OIC, you were talking purely of the addition of the RefuseManualStop=yes, Sorry, I was talking more about the presence of utility scripts in the svn repo that are Fedora specific since they rely on Fedora systemd extensions. Anyhow, as I said, not a big deal. Thanks for reply.