On 26/10/13 16:27, Laurent Bigonville wrote: > It would be nice is audit support was enabled during build. > > This is allowing to have the AVC denials also logged by the audit > subsystem. > > This would add a dependency against libaudit and libcap-ng
I see you intend to take over maintenance of libaudit. In your opinion, are libaudit and libcap-ng generally reasonably bug-free, and of a quality that you would be OK with linking into, for instance, pid 1? (AFAICS it's only dbus-daemon that gets linked to libaudit and libcap-ng, not libdbus; but on systems that rely on D-Bus for networking via NetworkManager/etc. or administrative tasks via systemd/PolicyKit/UPower/ConsoleKit/etc., dbus-daemon needs to be almost as reliable as pid 1.) I want to be reasonably conservative about dbus-daemon's dependencies, particularly given that nobody active in dbus upstream (even the Red Hat/Fedora people...) seems to be willing to say anything authoritative about SELinux - e.g. see <https://bugs.freedesktop.org/show_bug.cgi?id=49062>. If we only call into libaudit on SELinux and not on non-LSM systems, that would make me feel better about it (I'd have to check the code). Enabling it first in experimental, then in unstable later, would probably be a good move. S -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
