diff --git a/sys-process/audit/audit-2.7.1.ebuild b/sys-process/audit/audit-2.7.1-r1.ebuild
similarity index 98%
rename from sys-process/audit/audit-2.7.1.ebuild
rename to sys-process/audit/audit-2.7.1-r1.ebuild
index 7f8453ff8a..5d20712f7c 100644
--- a/sys-process/audit/audit-2.7.1.ebuild
+++ b/sys-process/audit/audit-2.7.1-r1.ebuild
@@ -86,7 +86,14 @@ src_prepare() { multilib_src_configure() { local ECONF_SOURCE=${S} + local extra_conf + + if [[ "${ARCH}" == "arm64" ]]; then + extra_conf="--with-arm --with-aarch64" + fi + econf \ + ${extra_conf} \ --sbindir="${EPREFIX}/sbin" \ $(use_enable gssapi gssapi-krb5) \ $(use_enable static-libs static) \
diff --git a/sys-process/audit/files/audit-rules.tmpfiles b/sys-process/audit/files/audit-rules.tmpfiles
index 2c15b63d23..871083b433 100644
--- a/sys-process/audit/files/audit-rules.tmpfiles
+++ b/sys-process/audit/files/audit-rules.tmpfiles
@@ -1,5 +1,4 @@
 d /etc/audit - - - - -
 d /etc/audit/rules.d - - - - -
 L /etc/audit/rules.d/00-clear.rules - - - - /usr/share/audit/rules.d/00-clear.rules
-L /etc/audit/rules.d/80-selinux.rules - - - - /usr/share/audit/rules.d/80-selinux.rules
 L /etc/audit/rules.d/99-default.rules - - - - /usr/share/audit/rules.d/99-default.rules
diff --git a/sys-process/audit/files/rules.d/80-selinux.rules b/sys-process/audit/files/rules.d/80-selinux.rules
deleted file mode 100644
index 627b17db3f..0000000000
--- a/sys-process/audit/files/rules.d/80-selinux.rules
+++ /dev/null
@@ -1,4 +0,0 @@
-# Enable all SELinux related events
-# 1400 to 1499 are for kernel SELinux use (see /include/uapi/linux/audit.h)
-
--a exclude,never -F msgtype>=1400 -F msgtype<=1499
diff --git a/sys-process/audit/files/rules.d/99-default.rules b/sys-process/audit/files/rules.d/99-default.rules
index cc373d8406..f295b9ddf0 100644
--- a/sys-process/audit/files/rules.d/99-default.rules
+++ b/sys-process/audit/files/rules.d/99-default.rules
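Review bot: `extra_conf` in multilib_src_configure of audit-2.7.1-r1.ebuild is a plain string expanded unquoted as `${extra_conf} \`, so passing the two flags depends on word splitting. A local array is the usual bash form for optional configure arguments: `local extra_conf=()`, `extra_conf+=( --with-arm --with-aarch64 )`, and `"${extra_conf[@]}" \` in the econf call. The function body continues past the end of the hunk, so the rest of the econf argument list is not visible here.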
@@ -1,5 +1,10 @@
-# Always report changes to the audit subsystem itself.
--a exclude,never -F msgtype=CONFIG_CHANGE
-
+# Report changes to the audit subsystem (CONFIG_CHANGE).
+# Report all SELinux related events (AVC).
 # Ignore everything else.
--a exclude,always -F msgtype>0
+#
+# Rules on the same line form an AND expression.
+# Rules on on different lines form an OR expression.
+# For info on configuring audit rules see the auditctl man page and
+# https://github.com/torvalds/linux/blob/master/include/uapi/linux/audit.h
+
+-a always,exclude -F msgtype!=AVC -F msgtype!=CONFIG_CHANGE
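Review bot: The new exclude rule in 99-default.rules keeps only AVC and CONFIG_CHANGE records, while its header comment promises all SELinux related events and the 80-selinux.rules file deleted in this commit covered the whole kernel SELinux range 1400 to 1499. Other record types in that range, such as MAC_POLICY_LOAD, MAC_STATUS and SELINUX_ERR, now match the exclude filter, so a policy reload or an enforcing-mode switch would presumably leave no audit record. If the range is meant to stay visible, two range-based lines would keep it: `-a always,exclude -F msgtype<1400 -F msgtype!=CONFIG_CHANGE` and `-a always,exclude -F msgtype>1499`; otherwise the comment should say that only AVC is kept. The comment also has a doubled word in `Rules on on different lines`, and it is the `-F` fields on one line that are ANDed, not rules.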