auditd.service: set LogsDirectory and RuntimeDirectory, remove tmpfiles dependency #501
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 tasks
Contributor
Author
|
We might also want to set |
LordGrimmauld
force-pushed
the
auditd-service-paths
branch
from
f66749c to
81c7e77
Compare
This ensures systemd will create these directories ahead of starting the auditd service. It also ensures the auditd service has write permissions, even if someone might add additional hardening options to the systemd service in the future. Directory permission bits were copied from the systemd tmpfiles config for the log directory, and `make_audit_run_dir()` for the runtime directory.
With RuntimeDirectory/LogsDirectory set, there is no need to an explicit tmpfiles rule anymore.
LordGrimmauld
force-pushed
the
auditd-service-paths
branch
from
81c7e77 to
0705ca9
Compare
Contributor
Author
Done. I copied directory permission bits from the systemd tmpfiles config for the log directory, and |
Contributor
|
We're taking a break from the audit project. We'll look at this when we're back. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
setting LogsDirectory and RuntimeDirectory ensures systemd will create these directories ahead of starting the auditd service. It also ensures the auditd service has write permissions, even if someone might add additional hardening options to the systemd service in the future. As a result, there is just no more need for the tmpfiles rules.