On Tue, Oct 06, 2015 at 08:58:48PM +0300, Andrew Savchenko wrote: > Hi, > > On Tue, 6 Oct 2015 17:32:07 +0100 Markos Chandras wrote: > > Hi, > > > > The following packages currently use the 'audit' local useflag > > > > ~$ qgrep -N -s -l -e "^IUSE.*audit" | sed "s@-[0-9].*@@" | sort -n | uniq > > > > app-emulation/libvirt > > app-forensics/aide > > dev-util/perf > > gnome-base/gdm > > net-dns/opendnssec > > sys-apps/openrc > > sys-apps/policycoreutils > > sys-apps/shadow > > sys-apps/systemd > > sys-freebsd/freebsd-ubin > > sys-freebsd/freebsd-usbin > > sys-libs/pam > > > > (+ lightdm which I just committed) > > > > How about making it global with the following description? > > Audit support != sys-process/audit support. > > 1) sys-freebsd/us?bin packages does not depend on the audit > package. This flag controls their own auditing tools. > > 2) net-dns/opendnssec uses this flag to build auditing tools (and > doesn't depend on the audit package). > > 3) sys-apps/policycoreutils implies more than dependency on the > audit package: > Enable support for <pkg>sys-process/audit</pkg> and use the audit_* > functions (like audit_getuid instead of getuid())
+1 for making it global. policycoreutils support is very much linked to sys-process/audit. SELinux heavily relies on audit stuff. The description is actually wrong, it uses audit_getloginuid() instead of getuid(). I will fix it. OpenRC also uses that call (only effective when selinux is enabled tho) so I will fix that description too. But again, these are just local additions which do not in any way conflict with the global one you are proposing. > > > "Enable support for <pkg>sys-process/audit</pkg>" > > > > which is similar to what most packages use? > > Best regards, > Andrew Savchenko
