coreos · glevand · May 23, 2018 · May 23, 2018 · May 23, 2018
diff --git a/sys-process/audit/audit-2.7.1.ebuild → sys-process/audit/audit-2.7.1-r1.ebuild b/sys-process/audit/audit-2.7.1.ebuild → sys-process/audit/audit-2.7.1-r1.ebuild
@@ -86,7 +86,14 @@ src_prepare() {
 
 multilib_src_configure() {
 	local ECONF_SOURCE=${S}
+	local extra_conf
+
+	if [[ "${ARCH}" == "arm64" ]]; then
+		extra_conf="--with-arm --with-aarch64"
+	fi
+
 	econf \
+		${extra_conf} \
 		--sbindir="${EPREFIX}/sbin" \
 		$(use_enable gssapi gssapi-krb5) \
 		$(use_enable static-libs static) \

diff --git a/sys-process/audit/files/audit-rules.tmpfiles b/sys-process/audit/files/audit-rules.tmpfiles
@@ -1,5 +1,4 @@
 d   /etc/audit                          -   -   -   -   -
 d   /etc/audit/rules.d                  -   -   -   -   -
 L   /etc/audit/rules.d/00-clear.rules   -   -   -   -   /usr/share/audit/rules.d/00-clear.rules
-L   /etc/audit/rules.d/80-selinux.rules -   -   -   -   /usr/share/audit/rules.d/80-selinux.rules
 L   /etc/audit/rules.d/99-default.rules -   -   -   -   /usr/share/audit/rules.d/99-default.rules
diff --git a/sys-process/audit/files/rules.d/80-selinux.rules b/sys-process/audit/files/rules.d/80-selinux.rules
diff --git a/sys-process/audit/files/rules.d/99-default.rules b/sys-process/audit/files/rules.d/99-default.rules
@@ -1,5 +1,10 @@
-# Always report changes to the audit subsystem itself.
--a exclude,never -F msgtype=CONFIG_CHANGE
-
+# Report changes to the audit subsystem (CONFIG_CHANGE).
+# Report all SELinux related events (AVC).
 # Ignore everything else.
--a exclude,always -F msgtype>0
+#
+# Rules on the same line form an AND expression.
+# Rules on on different lines form an OR expression.
+# For info on configuring audit rules see the auditctl man page and
+# https://github.com/torvalds/linux/blob/master/include/uapi/linux/audit.h
+
+-a always,exclude -F msgtype!=AVC -F msgtype!=CONFIG_CHANGE