https://bugzilla.novell.com/show_bug.cgi?id=720617

https://bugzilla.novell.com/show_bug.cgi?id=720617#c4

--- Comment #4 from Christian Boltz <suse-beta@cboltz.de> 2011-09-29 23:20:55 CEST ---
(In reply to comment #2)
> Regarding aa-eventd: If you decided to remove the daemon itself, I suggest you should also remove its init script. Either add the daemon, or remove its init script.
Valid point, but I have a good excuse: it's an upstream bug ;-) - they removed aa-eventd from make install, but forgot to remove the initscript.
> Reports.pm is more difficult - YaST depends on it quite heavily, therefore I would prefer it being added until there is a replacement.
The problem is that it will be quite useless without aa-eventd. Basically aa-eventd writes messages from the audit.log into a database (well, it would if it would understand the new audit.log format) and Reports.pm does some queries on that database. In other words: without aa-eventd, you/Reports.pm will only see an empty database and therefore get an empty report.

Reports.pm will most probably "just work" as soon as the database exists and is filled, however you won't get a guarantee for that because it wasn't maintained for years.

I discussed this with John - completely rewriting aa-eventd (or merging its features into aa-notify) would be much easier than fixing aa-eventd.

Please don't run away screaming - this sounds harder than it is. Most of the features aa-eventd ha{d,s} are already in aa-notify. The only missing things are:

1. create the database
2. write the notifications into the database (needed for Reports.pm)
3. query the database and send out mails every $interval (aa-notify can already write a similar report to the console, but without using a database and only for "all events", not for "events for /usr/bin/foo")

This can be solved in two ways:

a) add the missing parts to aa-notify or
b) move some subs with shared code from aa-notify to a perl module and write a small new aa-eventd script that only contains non-shared code

I'd prefer method b), but I'll leave the decision to the person who implements it.

And that's where you can join the game: Are you interested in implementing this? It would be more fun than disabling half of the YaST modules ;-)

I'll send you the IRC log from #apparmor (on irc.oftc.net, not freenode) with more details of what I summarized above. Feel free to ask on IRC if you have questions and/or ask on the apparmor mailing list.
> actually, I tried to make it at least somehow work as part of the SUSE HackWeek :-)
That's a very good choice for your hackweek project :-)
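The three missing pieces listed in the comment above (create the database, store the events, query them per profile and per interval) can be sketched as follows. This is an added example, not code from aa-eventd, aa-notify or Reports.pm, and it uses Python rather than the project's Perl; the table layout, function names and sample log lines are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample records in auditd key=value style (not from the bug report).
SAMPLE_LOG = '''\
type=AVC msg=audit(1317331255.101:410): apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/foo" name="/etc/shadow" pid=2001 comm="foo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1317331256.202:411): apparmor="ALLOWED" operation="exec" parent=1 profile="/usr/bin/bar" name="/bin/sh" pid=2002 comm="bar" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1317331257.000:412): arch=c000003e syscall=2 success=no exit=-13 pid=2001 comm="foo"
type=AVC msg=audit(1317331258.303:413): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/bin/foo" name="/tmp/x" pid=2001 comm="foo" requested_mask="c" denied_mask="c" fsuid=1000 ouid=0
type=AVC msg=audit(1317331259.404:414): apparmor="DENIED" operation="open" profile="/usr/bin/fo
'''

STAMP = re.compile(r'msg=audit\((\d+)\.\d+:(\d+)\)')
# A value is either fully quoted or unquoted; a half-open quote (truncated line) matches neither.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|([^"\s]\S*))')

def parse_event(line):
    """Return one AppArmor event as a dict, or None for other or truncated records."""
    stamp = STAMP.search(line)
    kv = {k: q or u for k, q, u in FIELD.findall(line)}
    if not stamp or any(r not in kv for r in ("apparmor", "operation", "profile")):
        return None
    return {"time": int(stamp.group(1)), "serial": int(stamp.group(2)),
            "mode": kv["apparmor"], "operation": kv["operation"], "profile": kv["profile"],
            "name": kv.get("name", ""), "denied_mask": kv.get("denied_mask", "")}

def load_events(db, text):
    """Create the (hypothetical) events table and store parsable events; returns rows added."""
    db.execute("CREATE TABLE IF NOT EXISTS events (time INTEGER, serial INTEGER, mode TEXT, "
               "operation TEXT, profile TEXT, name TEXT, denied_mask TEXT, PRIMARY KEY (time, serial))")
    before = db.total_changes
    for ev in filter(None, map(parse_event, text.splitlines())):
        # Bound parameters keep log content out of the SQL text; OR IGNORE makes re-reads idempotent.
        db.execute("INSERT OR IGNORE INTO events VALUES "
                   "(:time, :serial, :mode, :operation, :profile, :name, :denied_mask)", ev)
    db.commit()
    return db.total_changes - before

def report(db, profile=None, since=0):
    """Count DENIED events per (profile, operation), for all profiles or just one."""
    sql = ("SELECT profile, operation, COUNT(*) FROM events "
           "WHERE mode = 'DENIED' AND time >= ?")
    args = [since]
    if profile is not None:
        sql += " AND profile = ?"
        args.append(profile)
    return db.execute(sql + " GROUP BY profile, operation ORDER BY 1, 2", args).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_events(db, SAMPLE_LOG), "events stored")
    print(report(db, profile="/usr/bin/foo"))
```

The `since` argument is what a periodic mailer would advance after each run so that every interval reports only new events.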