Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
journald: disable audit support completely from the journal
This patch not only prevents journald to enable audit system unconditionally very early at boot but also prevents it to receive audit messages for the audit netlink and to push them into the journal. The first reason is that when journald enables kernel audit, it does not disable syscall audit (it doesn't load the audit rules), which introduced a global performance hit. This can be minimized if audit service is started but that's not the case for all systems. The second reason is that for systems where audit was disabled by default they will suddenly have audit enabled (unless audit=0 was already passed to the kernel command line). This means tons of audit messages will be sent to dmesg, syslog, journal files, etc... Note also that audit messages are duplicated in the journal since they are received both from kmsg and from the audit netlink. A related bug report can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=1160046. This basically reverts the following upstream commits: - 875c2e2 - 4d9ced9 Upstream issue: systemd/systemd#959 So disable all of this for now until a better option is found or someone comes up with a real use case. [fbui: bsc#984034]
- Loading branch information