Bug 227984 - WITHOUT_AUDIT does not function as expected
Summary: WITHOUT_AUDIT does not function as expected
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on: 233046
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-05 02:26 UTC by rozhuk.im
Modified: 2018-11-06 23:59 UTC (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description rozhuk.im 2018-05-05 02:26:04 UTC
/etc/src.conf:
WITHOUT_AUDIT=

system rebuilded,
yes | make delete-old
does not remove rc.d files, /etc/security/audit_* and probably some other files.
Comment 2 Ed Maste freebsd_committer 2018-05-05 15:56:11 UTC
src.conf(5) documents the *_AUDIT knob as:

     WITHOUT_AUDIT
             Set to not build audit support into system programs.

It appears to have two effects:
- controls whether sshd, su, login, id are built with audit support
- controls whether audit, auditd, auditdistd, auditreduce, praudit are built and installed
Comment 3 Alan Somers freebsd_committer 2018-06-11 16:34:49 UTC
I think rozhuk's complaint is valid, though his test method isn't.  There are plenty of other files in etc that are gated by src.conf knobs: ntp, blacklistd, etc.  The audit-related files should be so gated, too.  However, even if they were, "make delete-old" wouldn't remove them.  "make delete-old" only removes files that are no longer needed on any configuration, regardless of src.conf knobs.
Comment 4 Ed Maste freebsd_committer 2018-06-12 01:20:20 UTC
(In reply to Alan Somers from comment #3)
Agreed, my point is just that the description for WITHOUT_AUDIT does not indicate it will remove the audit binaries/files - the documentation will need updating as well if/when this is fixed.
Comment 5 rozhuk.im 2018-06-12 14:49:34 UTC
(In reply to Alan Somers from comment #3)
But it removes bin file, so rc.d script does not work.