diff options
| author | Franck Bui <fbui@suse.com> | 2022-12-06 20:15:43 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-01-11 17:18:57 +0100 |
| commit | 2aba77057e55a1082296c10f61e19d8c5e1eb1f7 (patch) | |
| tree | c5442e5aaeff446daa3d6635b35312e392590b13 /units | |
| parent | 8112c91e484ea1a0ba0277f60a5069dd45a3b4b1 (diff) | |
| download | systemd-2aba77057e55a1082296c10f61e19d8c5e1eb1f7.tar.gz | |
journal: give the ability to enable/disable systemd-journald-audit.socket
Before this patch the only way to prevent journald from reading the audit
messages was to mask systemd-journald-audit.socket. However this had main
drawback that downstream couldn't ship the socket disabled by default (beside
the fact that masking units is not supposed to be the usual way to disable
them).
Fixes #15777
Diffstat (limited to 'units')
| -rw-r--r-- | units/meson.build | 3 | ||||
| -rw-r--r-- | units/systemd-journald-audit.socket | 4 | ||||
| -rw-r--r-- | units/systemd-journald.service.in | 5 |
3 files changed, 9 insertions, 3 deletions
diff --git a/units/meson.build b/units/meson.build index 79e2935a50..69197f0c47 100644 --- a/units/meson.build +++ b/units/meson.build @@ -123,8 +123,7 @@ units = [ 'sysinit.target.wants/'], ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], - ['systemd-journald-audit.socket', '', - 'sockets.target.wants/'], + ['systemd-journald-audit.socket', ''], ['systemd-journald-dev-log.socket', '', 'sockets.target.wants/'], ['systemd-journald.socket', '', diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket index f0c0aebc86..cf9b6e8b84 100644 --- a/units/systemd-journald-audit.socket +++ b/units/systemd-journald-audit.socket @@ -20,3 +20,7 @@ Service=systemd-journald.service ReceiveBuffer=128M ListenNetlink=audit 1 PassCredentials=yes + +[Install] +WantedBy=sockets.target +WantedBy=systemd-journald.service diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index 38ba3e2856..ece872c770 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -38,7 +38,10 @@ RestrictRealtime=yes RestrictSUIDSGID=yes RuntimeDirectory=systemd/journal RuntimeDirectoryPreserve=yes -Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket +# Audit socket is not listed here because this unit can be turned off. However +# the link between the socket and the service units is still created thanks to +# the 'Service=' setting specified in the socket unit. +Sockets=systemd-journald.socket systemd-journald-dev-log.socket StandardOutput=null SystemCallArchitectures=native SystemCallErrorNumber=EPERM |