Accepting request 1205295 from security

OBS-URL: https://build.opensuse.org/request/show/1205295 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=107
2024-10-03 15:59:59 +00:00 · 2024-10-03 15:59:59 +00:00 · 757054e43f
commit 757054e43f
parent 66d350687b 1878dbbb84
4 changed files with 50 additions and 0 deletions
--- a/audit-allow-manual-stop.patch
+++ b/audit-allow-manual-stop.patch
@ -0,0 +1,23 @@
+From: Tony Jones <tonyj@suse.de>
+Subject: allow service stop
+References: https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
+References: https://www.redhat.com/archives/linux-audit/2013-July/msg00048.html
+---
+
+legacy-actions is Fedora specific, so blocking manual stop won't work for
+SUSE since we lack the ability to use a custom stop/restart
+
+
+ init.d/auditd.service |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/init.d/auditd.service
+++ b/init.d/auditd.service
+@@ -14,7 +14,6 @@ After=local-fs.target systemd-tmpfiles-s
+ Before=sysinit.target shutdown.target
+ ##Before=shutdown.target
+ Conflicts=shutdown.target
+-RefuseManualStop=yes
+ 
+ Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
+ 
--- a/audit-secondary.changes
+++ b/audit-secondary.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Oct  2 11:15:07 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Readd audit-allow-manual-stop.patch (removed by mistake)
+
+-------------------------------------------------------------------
+Tue Oct  1 14:43:13 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Fix plugin termination when using systemd service units (bsc#1215377)
+  * add auditd.service-fix-plugin-termination.patch
+
 -------------------------------------------------------------------
 Thu Sep 26 16:51:29 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>

--- a/audit-secondary.spec
+++ b/audit-secondary.spec
@ -39,6 +39,8 @@ Patch6:         change-default-log_format.patch
 Patch7:         fix-hardened-service.patch
 Patch8:         enable-stop-rules.patch
 Patch9:         fix-auparse-test.patch
+Patch10:        auditd.service-fix-plugin-termination.patch
+Patch11:        audit-allow-manual-stop.patch
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
 BuildRequires:  kernel-headers >= 2.6.30
--- a/auditd.service-fix-plugin-termination.patch
+++ b/auditd.service-fix-plugin-termination.patch
@ -0,0 +1,14 @@
+---
+ init.d/auditd.service |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/init.d/auditd.service
+++ b/init.d/auditd.service
+@@ -29,6 +29,7 @@ ExecStopPost=/sbin/auditctl -R /etc/audi
+ Restart=on-failure
+ # Do not restart for intentional exits. See EXIT CODES section in auditd(8).
+ RestartPreventExitStatus=2 4 6
+KillMode=mixed
+ 
+ ### Security Settings ###
+ MemoryDenyWriteExecute=true