Hi, Seems the upstream audit package includes this unit:
[Unit] Description=Security Auditing Service DefaultDependencies=no After=local-fs.target Conflicts=shutdown.target Before=sysinit.target shutdown.target RefuseManualStop=yes [Service] ExecStart=/sbin/auditd -n ## To use augenrules, copy this file to /etc/systemd/system/auditd.service ## and uncomment the next line and delete/comment out the auditctl line. ## Then copy existing rules to /etc/audit/rules.d/ ## Not doing this last step can cause loss of existing rules #ExecStartPost=-/sbin/augenrules --load ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target Obviously, the RefuseManualStop here makes it impossible to stop this service when the package is uninstalled. Failed to issue method call: Operation refused, unit auditd.service may be requested by dependency only. Technically we can call systemctl stop *after* the unit file has disappeared (and possibly the daemon reloaded) and systemd will apparently tidy up the processes in the cgroup, but this seems wrong and dirty (a slightly less dirty approach would be to add a temporary dropin file to override RefuseManualStop, do a reload and then stop it, then remove the dropin file, but this also feels somewhat cumbersome). Alternatively we can do "systemctl kill" in this case prior to uninstall and that will work (systemctl kill does not respect RefuseManualStop). I also tried using systemctl stop with --force and --ignore-dependences but neither overrode the RefuseManualStop=yes directive (unsurprisingly) There are also problems restarting the daemon on upgrade but perhaps this should be generally avoided for audit? Anyway, just wanted to discuss the best approach here. Perhaps the upstream unit could be tweaked? Perhaps RefuseManualStop is overkill? Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel