On 10/13/2015 01:03 PM, Steve Grubb wrote: >> No, it's the default audit.rules (-D, -b320). No actual rules loaded. >> Let me add some instrumentation and figure out what's going on. auditd >> is masked (via systemd) but systemd-journal seems to set audit_enabled=1 >> during startup (at least on our systems). > > Tony, > > We have bz 1227379 > https://bugzilla.redhat.com/show_bug.cgi?id=1227379 > > There is a patch attached to disable systemd's propensity to turn on the > audit > system. Are people complaining and opening bugs in your distribution? If so, > that might add more ammunition to get that fixed.
Hi Steve we only have the one bug and it's related to: 1) noisy klog between when systemd enables audit and user manually disables it (rh bz#1160046) 2) after user manually disables audit (audit_enabled=0) seccomp messages still are output. tony -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html