On 2020/03/01 0:41, Topi Miettinen wrote: > On 29.2.2020 7.30, Tetsuo Handa wrote: >> Hello. >> >> On 2020/02/24 6:27, Topi Miettinen wrote: >>> Enable many hardening features provided by systemd for tomoyo-auditd. >>> >>> Signed-off-by: Topi Miettinen <toiwo****@gmail*****> >>> --- >>> Include.make | 1 + >>> Makefile | 1 + >>> usr_lib_systemd_system/Makefile | 7 ++++ >>> usr_lib_systemd_system/tomoyo-auditd.service | 39 ++++++++++++++++++++ >>> 4 files changed, 48 insertions(+) >>> create mode 100644 usr_lib_systemd_system/Makefile >>> create mode 100644 usr_lib_systemd_system/tomoyo-auditd.service >> >> Thank you for a patch, but I can't apply this patch because this service file requires >> more recent systemd versions. I get following errors on systemd-219-67.el7_7.3.x86_64: > > Sorry for the rant, but version 219 of systemd is 5 years old. Why on earth would anyone > use that together with new version of tomoyo-tools from 2020? Typically software is developed > against current versions of other dependent software, or at least current versions, which are > common in major distributions like Fedora, Debian or Arch. Otherwise, if there are > incompatibilities or regressions with the new versions, this will be discovered (in the worst > case) many years after the other packages have been released. It's the job of those downstream > distributions, who want to support stable versions or old versions of the software, to backport > or remove new features which are not yet available in the old versions of other packages. Excuse me, but version 219-67.el7_7.3 of systemd is the latest version for RHEL7/CentOS7 users. I am developing latest kernels on CentOS7. Developing and testing on various environments/ platforms is good for finding incompatibilities/regressions. But I can't afford testing all distribution/platform's all applications. Thus, bug reports from users (like https://osdn.net//projects/tomoyo/ticket/40012 ) are welcomed. > > But if you insist, I can comment out the lines and add a comment stating that it's recommended > to enable these for current versions systemd. Also, there are distributions which do not use systemd. It would be possible to include this service file into the tar ball or the online documentation, but I don't want to unconditionally install this service file. Thus, I insist that I can't apply this change which unconditionally requires availability of upstream latest systemd.
TOMOYO
Fork