Re: Rational behind RefuseManualStop=yes in auditd.service
On 07/30/2013 01:25 PM, Steve Grubb wrote:
On Tuesday, July 30, 2013 10:04:46 PM Laurent Bigonville wrote:
> Hi,
>
> I would like to know the rational behind RefuseManualStop=yes in
> auditd.service file.
The short term "fix" is to force admins to use the service command which loads
legacy helper scripts which are pulled from the old SysV init script. It sends
signals in the user's context so that the auid is correct.
You mean this? https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
The problem is that (I believe) this feature isn't in upstream systemd, rather
it's Fedora specific.
If you don't need to meet common criteria requirements, then
patch it out so its the way you like it.
If I'm correct and the above is Fedora specific, I would have thought the better
option was to not use such extensions in the audit svn codebase; rather patch them *in*
via the Fedora rpms. Or make it configure tuneable.
Tony