98fdd520a0
This patch disables all of the discretionary access control (DAC) auditing in auditd. This should reduce the volume of logs created during deployments and during OpenStack CI jobs. The patch also corrects an incorrect key in the audit logs for V-38568. Closes-Bug: 1620849 Change-Id: I193f739647cfb7d0ce395984b51867bf6bd46cd8
26 lines
966 B
YAML
26 lines
966 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
All of the discretionary access control (DAC) auditing is now disabled by
|
|
default. This reduces the amount of logs generated during deployments and
|
|
minor upgrades. The following variables are now set to ``no``:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_audit_DAC_chmod: no
|
|
security_audit_DAC_chown: no
|
|
security_audit_DAC_lchown: no
|
|
security_audit_DAC_fchmod: no
|
|
security_audit_DAC_fchmodat: no
|
|
security_audit_DAC_fchown: no
|
|
security_audit_DAC_fchownat: no
|
|
security_audit_DAC_fremovexattr: no
|
|
security_audit_DAC_lremovexattr: no
|
|
security_audit_DAC_fsetxattr: no
|
|
security_audit_DAC_lsetxattr: no
|
|
security_audit_DAC_setxattr: no
|
|
fixes:
|
|
- The auditd rules for auditing V-38568 (filesystem mounts) were incorrectly
|
|
labeled in the auditd logs with the key of ``export-V-38568``. They are
|
|
now correctly logged with the key ``filesystem_mount-V-38568``.
|