commit: 78facf59712d74ee10ce59d60c917081f4e5545e Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Nov 27 02:11:40 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Nov 27 02:11:40 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78facf59
sys-apps/systemd: rebase patch for live Signed-off-by: Sam James <sam <AT> gentoo.org> .../systemd/files/gentoo-journald-audit-r4.patch | 51 ++++++++++++++++++++++ sys-apps/systemd/systemd-9999.ebuild | 2 +- 2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/sys-apps/systemd/files/gentoo-journald-audit-r4.patch b/sys-apps/systemd/files/gentoo-journald-audit-r4.patch
new file mode 100644
index 000000000000..e7906f4137d1
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-journald-audit-r4.patch
@@ -0,0 +1,51 @@
+From 0f16422e52ef793407d1cbef0c38eff29d6e251c Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <[email protected]>
+Date: Wed, 17 Sep 2025 15:40:57 -0400
+Subject: [PATCH] journald: do not change the kernel audit setting by default
+
+Bug: https://bugs.gentoo.org/736910
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-config.c | 2 +-
+ src/journal/journald.conf.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index 1d615b110d..4676d674a2 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -483,7 +483,7 @@
+ turn it off. When <literal>keep</literal> it will neither enable nor disable it, leaving the previous
+ state unchanged. This means if another tool turns on auditing even if
+ <command>systemd-journald</command> left it off, it will still collect the generated messages.
+- Defaults to yes in the default journal namespace, and <literal>keep</literal> otherwise.</para>
++ Defaults to <literal>keep</literal>.</para>
+
+ <!-- Explicit assignment of an empty string is equivalent to 'keep', for backward compatibility. -->
+
+diff --git a/src/journal/journald-config.c b/src/journal/journald-config.c
+index 8cffec880b..ea3bb34a76 100644
+--- a/src/journal/journald-config.c
++++ b/src/journal/journald-config.c
+@@ -123,7 +123,7 @@ void manager_merge_configs(Manager *m) {
+ MERGE_NON_NEGATIVE(read_kmsg, !m->namespace);
+ /* By default, kernel auditing is enabled by the main namespace instance, and not controlled by
+ * non-default namespace instances. */
+- MERGE_NON_NEGATIVE(set_audit, m->namespace ? AUDIT_KEEP : AUDIT_YES);
++ MERGE_NON_NEGATIVE(set_audit, AUDIT_KEEP);
+ MERGE_NON_ZERO(sync_interval_usec, DEFAULT_SYNC_INTERVAL_USEC);
+
+ /* TODO: also merge them when comdline or credentials support to configure them. */
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 9a12ca7657..3be3ed7327 100644
+--- a/src/journal/journald.conf.in
++++ b/src/journal/journald.conf.in
+@@ -47,4 +47,4 @@
+ #MaxLevelSocket=debug
+ #LineMax=48K
+ #ReadKMsg=yes
+-#Audit=yes
++#Audit=keep
+--
+2.51.0
+
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index a5d73190b584..ade9936865f4 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -282,7 +282,7 @@ src_prepare() { if ! use vanilla; then PATCHES+=( - "${FILESDIR}/gentoo-journald-audit-r3.patch" + "${FILESDIR}/gentoo-journald-audit-r4.patch" ) fi
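Review bot: The comment kept as context in the journald-config.c part of the patch still says kernel auditing is enabled by the main namespace instance, which is no longer true once the next line becomes `MERGE_NON_NEGATIVE(set_audit, AUDIT_KEEP);`. The patch should rewrite that comment as well, for example `/* By default, the kernel audit setting is left unchanged (keep) in every namespace. */`, so the code agrees with the updated man page text. The last file header in the patch also reads `diff --git a/src/journal/journald.conf b/src/journal/journald.conf` while its `---`/`+++` lines and the diffstat name `journald.conf.in`; stricter tools such as `git apply` may reject that mismatch, so the header should name `journald.conf.in` too. manager_merge_configs begins and ends outside the inner hunk. Since the default no longer turns kernel auditing on, hosts that rely on journald to collect audit records need an explicit `Audit=yes` (or another tool enabling audit), which is worth a line in the commit message.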
