[tomoyo-users-en 724] Re: [PATCH] Add systemd service for tomoyo-auditd

Topi Miettinen toiwo****@gmail*****
Sun Mar 1 16:25:44 JST 2020


On 1.3.2020 1.04, Tetsuo Handa wrote:
> On 2020/03/01 0:41, Topi Miettinen wrote:
>> On 29.2.2020 7.30, Tetsuo Handa wrote:
>>> Hello.
>>>
>>> On 2020/02/24 6:27, Topi Miettinen wrote:
>>>> Enable many hardening features provided by systemd for tomoyo-auditd.
>>>>
>>>> Signed-off-by: Topi Miettinen <toiwo****@gmail*****>
>>>> ---
>>>>    Include.make                                 |  1 +
>>>>    Makefile                                     |  1 +
>>>>    usr_lib_systemd_system/Makefile              |  7 ++++
>>>>    usr_lib_systemd_system/tomoyo-auditd.service | 39 ++++++++++++++++++++
>>>>    4 files changed, 48 insertions(+)
>>>>    create mode 100644 usr_lib_systemd_system/Makefile
>>>>    create mode 100644 usr_lib_systemd_system/tomoyo-auditd.service
>>>
>>> Thank you for the patch, but I can't apply this patch because this service file requires
>>> more recent systemd versions. I get the following errors on systemd-219-67.el7_7.3.x86_64:
>>
>> Sorry for the rant, but version 219 of systemd is 5 years old. Why on earth would anyone
>> use that together with a new version of tomoyo-tools from 2020? Typically software is developed
>> against current versions of other dependent software, or at least current versions, which are
>> common in major distributions like Fedora, Debian or Arch. Otherwise, if there are
>> incompatibilities or regressions with the new versions, this will be discovered (in the worst
>> case) many years after the other packages have been released. It's the job of those downstream
>> distributions, who want to support stable versions or old versions of the software, to backport
>> or remove new features which are not yet available in the old versions of other packages.
> 
> Excuse me, but version 219-67.el7_7.3 of systemd is the latest version for RHEL7/CentOS7 users.
> I am developing latest kernels on CentOS7. Developing and testing on various environments/
> platforms is good for finding incompatibilities/regressions. But I can't afford testing all
> distribution/platform's all applications. Thus, bug reports from users (like
> https://osdn.net//projects/tomoyo/ticket/40012 ) are welcomed.
> 
>>
>> But if you insist, I can comment out the lines and add a comment stating that it's recommended
>> to enable these for current versions of systemd.
> 
> Also, there are distributions which do not use systemd. It would be possible to include this service
> file into the tarball or the online documentation, but I don't want to unconditionally install this
> service file. Thus, I insist that I can't apply this change which unconditionally requires
> availability of upstream latest systemd.

OK, please find attached an updated version.

The .service files do nothing in case systemd isn't used. Even if the 
file is installed on a system with systemd, a package installation script 
or the local system administrator has to enable the service before it 
can take effect.

-Topi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-systemd-service-for-tomoyo-auditd.patch
Type: text/x-diff
Size: 3144 bytes
Desc: not available
URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20200301/94714b77/attachment.patch>

