[Bug 199864] bsdinstall(8): zfsboot script should create /var/audit dataset
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat May 2 15:11:57 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199864
Bug ID: 199864
Summary: bsdinstall(8): zfsboot script should create /var/audit
dataset
Product: Base System
Version: 10.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: conf
Assignee: freebsd-bugs at FreeBSD.org
Reporter: jason.unovitch at gmail.com
Created attachment 156238
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156238&action=edit
add /var/audit dataset to usr.sbin/bsdinstall/scripts/zfsboot config
usr.sbin/bsdinstall/scripts/zfsboot currently creates datasets for /var/log but
not /var/audit. While anyone using auditing would likely make adjustments, the
default could be better. There's no good reason to potentially lose audit logs
by keeping them as part of the boot environment instead of on a dedicated
dataset. Additionally, treating logs under /var/log different than audit logs
under /var/audit is not an intuitive default configuration. Attached patch
enables configuring /var/audit by default.
Other Implementation References:
PCBSD creates /var/audit by default with just compression, which is already
enabled at the pool level on FreeBSD since r266108 on HEAD and r267056 on
stable/10.
https://github.com/pcbsd/pcbsd/commit/b1a3938d275d5c283e0fdd2f5a5c1eafe94ea55f
Oracle Solaris 11 does things differently with a symlink of /var/audit to
/var/share/audit to accomplish the same goal of keeping audit logs outside of
the boot environment:
https://docs.oracle.com/cd/E26502_01/html/E21383/glyzj.html
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list