mirror of
https://github.com/Dasharo/systemd.git
synced 2026-03-06 15:02:31 -08:00
journal: give the ability to enable/disable systemd-journald-audit.socket
Before this patch the only way to prevent journald from reading the audit messages was to mask systemd-journald-audit.socket. However this had main drawback that downstream couldn't ship the socket disabled by default (beside the fact that masking units is not supposed to be the usual way to disable them). Fixes #15777
This commit is contained in:
committed by
Lennart Poettering
parent
8112c91e48
commit
2aba77057e
+1
-2
@@ -123,8 +123,7 @@ units = [
|
||||
'sysinit.target.wants/'],
|
||||
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
|
||||
['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
|
||||
['systemd-journald-audit.socket', '',
|
||||
'sockets.target.wants/'],
|
||||
['systemd-journald-audit.socket', ''],
|
||||
['systemd-journald-dev-log.socket', '',
|
||||
'sockets.target.wants/'],
|
||||
['systemd-journald.socket', '',
|
||||
|
||||
@@ -20,3 +20,7 @@ Service=systemd-journald.service
|
||||
ReceiveBuffer=128M
|
||||
ListenNetlink=audit 1
|
||||
PassCredentials=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
WantedBy=systemd-journald.service
|
||||
|
||||
@@ -38,7 +38,10 @@ RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
RuntimeDirectory=systemd/journal
|
||||
RuntimeDirectoryPreserve=yes
|
||||
Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
|
||||
# Audit socket is not listed here because this unit can be turned off. However
|
||||
# the link between the socket and the service units is still created thanks to
|
||||
# the 'Service=' setting specified in the socket unit.
|
||||
Sockets=systemd-journald.socket systemd-journald-dev-log.socket
|
||||
StandardOutput=null
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
||||
|
||||
Reference in New Issue
Block a user