author Franck Bui <fbui@suse.com> 2022-12-06 20:15:43 +0100
committer Lennart Poettering <lennart@poettering.net> 2023-01-11 17:18:57 +0100
commit 2aba77057e55a1082296c10f61e19d8c5e1eb1f7
tree c5442e5aaeff446daa3d6635b35312e392590b13 /man/journald.conf.xml
parent 8112c91e484ea1a0ba0277f60a5069dd45a3b4b1
journal: give the ability to enable/disable systemd-journald-audit.socket
Before this patch the only way to prevent journald from reading the audit messages was to mask systemd-journald-audit.socket. However, this had the main drawback that downstream couldn't ship the socket disabled by default (besides the fact that masking units is not supposed to be the usual way to disable them).

Fixes #15777
Diffstat (limited to 'man/journald.conf.xml')
-rw-r--r-- man/journald.conf.xml 17
1 files changed, 11 insertions, 6 deletions
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 24cee4c8b2..50c33e4792 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -423,13 +423,18 @@
<varlistentry>
<term><varname>Audit=</varname></term>
- <listitem><para>Takes a boolean value. If enabled <command>systemd-journal</command> will turn on
+ <listitem><para>Takes a boolean value. If enabled <command>systemd-journald</command> will turn on
kernel auditing on start-up. If disabled it will turn it off. If unset it will neither enable nor
- disable it, leaving the previous state unchanged. Note that this option does not control whether
- <command>systemd-journald</command> collects generated audit records, it just controls whether it
- tells the kernel to generate them. This means if another tool turns on auditing even if
- <command>systemd-journald</command> left it off, it will still collect the generated
- messages. Defaults to on.</para></listitem>
+ disable it, leaving the previous state unchanged. This means if another tool turns on auditing even
+ if <command>systemd-journald</command> left it off, it will still collect the generated
+ messages. Defaults to on.</para>
+
+ <para>Note that this option does not control whether <command>systemd-journald</command> collects
+ generated audit records, it just controls whether it tells the kernel to generate them. If you need
+ to prevent <command>systemd-journald</command> from collecting the generated messages, the socket
+ unit <literal>systemd-journald-audit.socket</literal> can be disabled and in this case this setting
+ is without effect.</para>
+ </listitem>
</varlistentry>
<varlistentry>
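Review bot: In the first paragraph of the new text, the sentence "This means if another tool turns on auditing even if systemd-journald left it off, it will still collect the generated messages" now directly follows "leaving the previous state unchanged", but the premise it draws on (that the option does not control collection, only whether the kernel is told to generate records) has moved into the second paragraph, so "This means" no longer follows from anything before it. Consider moving that sentence into the second paragraph, right after "it just controls whether it tells the kernel to generate them", and leaving "Defaults to on." at the end of the first paragraph. The closing clause "in this case this setting is without effect" is also ambiguous: the same paragraph says the setting controls whether the kernel is told to generate records, so it is unclear whether Audit= still toggles kernel auditing while the socket is disabled or is ignored entirely. Please state which, since an administrator who relies on Audit=no to keep kernel auditing off needs to know whether that still holds once the socket unit is disabled. It would also help to say how the socket unit is meant to be disabled, given that the commit message distinguishes disabling from masking.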