[Pkg-utopia-maintainers] Bug#727771: dbus: Please enable audit support

Simon McVittie smcv at debian.org
Sat Oct 26 21:39:49 UTC 2013


On 26/10/13 16:27, Laurent Bigonville wrote:
> It would be nice if audit support was enabled during build.
> 
> This allows the AVC denials to also be logged by the audit
> subsystem.
> 
> This would add a dependency against libaudit and libcap-ng

I see you intend to take over maintenance of libaudit. In your opinion,
are libaudit and libcap-ng generally reasonably bug-free, and of a
quality that you would be OK with linking into, for instance, pid 1?

(AFAICS it's only dbus-daemon that gets linked to libaudit and
libcap-ng, not libdbus; but on systems that rely on D-Bus for networking
via NetworkManager/etc. or administrative tasks via
systemd/PolicyKit/UPower/ConsoleKit/etc., dbus-daemon needs to be almost
as reliable as pid 1.)

I want to be reasonably conservative about dbus-daemon's dependencies,
particularly given that nobody active in dbus upstream (even the Red
Hat/Fedora people...) seems to be willing to say anything authoritative
about SELinux - e.g. see
<https://bugs.freedesktop.org/show_bug.cgi?id=49062>.

If we only call into libaudit on SELinux and not on non-LSM systems,
that would make me feel better about it (I'd have to check the code).
Enabling it first in experimental, then in unstable later, would
probably be a good move.

    S


