[Bug 199864] bsdinstall(8): zfsboot script should create /var/audit dataset

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199864

            Bug ID: 199864
           Summary: bsdinstall(8): zfsboot script should create /var/audit
                    dataset
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: conf
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: jason.unovitch at gmail.com

Created attachment 156238
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156238&action=edit
add /var/audit dataset to usr.sbin/bsdinstall/scripts/zfsboot config

usr.sbin/bsdinstall/scripts/zfsboot currently creates datasets for /var/log but
not /var/audit.  While anyone using auditing would likely make adjustments, the
default could be better.  There's no good reason to potentially lose audit logs
by keeping them as part of the boot environment instead of on a dedicated
dataset.  Additionally, treating logs under /var/log different than audit logs
under /var/audit is not an intuitive default configuration.  Attached patch
enables configuring /var/audit by default.

Other Implementation References:

PCBSD creates /var/audit by default with just compression, which is already
enabled at the pool level on FreeBSD since r266108 on HEAD and r267056 on
stable/10.
https://github.com/pcbsd/pcbsd/commit/b1a3938d275d5c283e0fdd2f5a5c1eafe94ea55f

Oracle Solaris 11 does things differently with a symlink of /var/audit to
/var/share/audit to accomplish the same goal of keeping audit logs outside of
the boot environment:
https://docs.oracle.com/cd/E26502_01/html/E21383/glyzj.html

-- 
You are receiving this mail because:
You are the assignee for the bug.