sys-process/audit: Sync with gentoo

It's from gentoo commit 9537582d2381dcbac871953273430ce1391e46aa.

sdk_container/src/third_party/coreos-overlay/sys-process/audit/Manifest

@@ -1,2 +1 @@
-DIST audit-017e6c6ab95df55f34e339d2139def83e5dada1f.patch 854 BLAKE2B 53129e3d90dc0685dbf4cd5403deb6498f04d494e42030617fd9c28da17c2c90e39cdd00449e430cc9bed108fd866fdf78091bcce5bfae8f2a3abc84595c8544 SHA512 58b3e85a505fbd73e405da53e521a0d823c44bd27b7fdb7b1dea790931bcf4531d6e1cad1fc303d4dbb59db2dd3562f0056263a10fe8fcc18d751eafa9d6f418
+DIST audit-3.0.6.tar.gz 1190011 BLAKE2B 93a7efad1cbea6771a73222b05aacbabc4ac61d1efb9fc2532607a94804bcac6512d0be2f4d89aa62d94fb85ba5818ffae4bf0a72676e8d549ddbec766e83e9c SHA512 74734e1b1fddea086db9c5dc8c4b7817917fdf17bc7ca4e5b440aae975484d020a17c3f485f6a37b6b150a307d809e50d559d31a8cbd6f1e554933719551bcd1
-DIST audit-2.8.5_p80866dc78b5d.tar.gz 552094 BLAKE2B adb936a314ef2f11828ee00f3513631e06e2df09e37e68be27b1b694e278116d2f486dbde7ed57c77d9ff0bcd09309ea841959c7a66caed6770f367d65dd14f4 SHA512 7ec103bf076cfac7906748162e78835f1f65dd9d68e3a7466346e0473075beb47897adf88ab9ba0eb42db1953372aafb16cc040674b9a9c887730c062b82540a

sdk_container/src/third_party/coreos-overlay/sys-process/audit/README.md

@@ -1,27 +0,0 @@
-This is a fork of gentoo's `sys-process/audit` package. The main
-reasons for having our fork seem to be:
-
-1. We have our own audit rules (see files in `files/rules.d`
-   directory).
-
-  - These seem to be mostly similar to what gentoo provides, but split
-    into several files and they have an additional rule for SELinux
-    events.
-
-  - We also install it in a different place and place symlinks with
-    systemd's tmpfiles functionality.
-
-2. We install a systemd service that loads our rules at startup.
-
-3. We add a `daemon` use flag that gates a build of `auditd` binary
-   and some more tools. This flag seems to be unused, which results in
-   the daemon and tools not being built. The role of auditd is to
-   write audit records to disk, and both ausearch and aureport utilize
-   those written logs. Since audit logs are also written to journal,
-   writing them to disk seems redundant, thus auditd and the tools
-   seem to be unnecessary. This also reduces the final image size a
-   bit.
-
-4. We don't do the permissions lockdown on some auditd files for some
-   reason. It's either related that we don't build auditd in practice
-   or it's about our own audit rules.

sdk_container/src/third_party/coreos-overlay/sys-process/audit/audit-2.8.5-r1.ebuild

@@ -1,218 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Flatcar: Based on audit-2.8.5-r1.ebuild from commit
-# b9fd64557974fa02bc719f282a1776623072a864 in gentoo repo (see
-# https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-process/audit/audit-2.8.5-r1.ebuild?id=b9fd64557974fa02bc719f282a1776623072a864).
-
-EAPI="6"
-
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-# Flatcar: We don't use preserve-libs.
-inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
-
-DESCRIPTION="Userspace utilities for storing and processing auditing records"
-HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
-# https://github.com/linux-audit/audit-userspace/tree/2.8_maintenance
-COMMIT='80866dc78b5db17010516e24344eaed8dcc6fb99' # contains many fixes not yet released
-if [[ -n $COMMIT ]]; then
-	SRC_URI="https://github.com/linux-audit/audit-userspace/archive/${COMMIT}.tar.gz -> ${P}_p${COMMIT:0:12}.tar.gz"
-	S="${WORKDIR}/audit-userspace-${COMMIT}"
-else
-	SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
-fi
-# -fno-common patch:
-SRC_URI+=" https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f.patch -> ${PN}-017e6c6ab95df55f34e339d2139def83e5dada1f.patch"
-
-LICENSE="GPL-2+ LGPL-2.1+"
-SLOT="0"
-# Flatcar: Build amd64 and arm64 by default.
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-# Flatcar: Daemon USE flag for building (or not) auditd and tools.
-IUSE="daemon gssapi ldap python static-libs"
-# Flatcar: Requiring ldap on audit makes sense only if daemon is set.
-REQUIRED_USE="ldap? ( daemon )
-	python? ( ${PYTHON_REQUIRED_USE} )"
-# Testcases are pretty useless as they are built for RedHat users/groups and kernels.
-RESTRICT="test"
-
-RDEPEND="gssapi? ( virtual/krb5 )
-	ldap? ( net-nds/openldap )
-	sys-libs/libcap-ng
-	python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
-	>=sys-kernel/linux-headers-2.6.34
-	python? ( dev-lang/swig:0 )"
-# Do not use os-headers as this is linux specific
-
-CONFIG_CHECK="~AUDIT"
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	# Do not build GUI tools
-	sed -i \
-		-e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \
-		"${S}"/configure.ac || die
-	sed -i \
-		-e 's,system-config-audit,,g' \
-		"${S}"/Makefile.am || die
-	rm -rf "${S}"/system-config-audit
-
-	# audisp-remote moved in multilib_src_install_all
-	sed -i \
-		-e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
-		"${S}"/audisp/plugins/remote/au-remote.conf || die
-
-	# Don't build static version of Python module.
-	eapply "${FILESDIR}"/${PN}-2.4.3-python.patch
-
-	# glibc/kernel upstreams suck with both defining ia64_fpreg
-	# This patch is a horribly workaround that is only valid as long as you
-	# don't need the OTHER definitions in fpu.h.
-	eapply "${FILESDIR}"/${PN}-2.8.4-ia64-compile-fix.patch
-
-	# -fno-common
-	eapply "${DISTDIR}/${PN}-017e6c6ab95df55f34e339d2139def83e5dada1f.patch"
-
-	eapply_user
-
-	if ! use daemon; then
-		sed -e '/^SUBDIRS =/s/audisp//' \
-			-i Makefile.am || die
-		sed -e '/${DESTDIR}${initdir}/d' \
-			-e '/${DESTDIR}${legacydir}/d' \
-			-i init.d/Makefile.am || die
-		sed -e '/^sbin_PROGRAMS =/s/auditd//' \
-			-e '/^sbin_PROGRAMS =/s/aureport//' \
-			-e '/^sbin_PROGRAMS =/s/ausearch//' \
-			-i src/Makefile.am || die
-	fi
-
-	# Regenerate autotooling
-	eautoreconf
-}
-
-multilib_src_configure() {
-	local ECONF_SOURCE=${S}
-	local my_conf="$(use_enable ldap zos-remote)"
-	econf \
-		${my_conf} \
-		--sbindir="${EPREFIX}/sbin" \
-		$(use_enable gssapi gssapi-krb5) \
-		$(use_enable static-libs static) \
-		--enable-systemd \
-		--without-golang \
-		--without-python \
-		--without-python3
-
-	if multilib_is_native_abi; then
-		python_configure() {
-			mkdir -p "${BUILD_DIR}" || die
-			cd "${BUILD_DIR}" || die
-
-			econf ${my_conf} --without-python --with-python3
-		}
-
-		use python && python_foreach_impl python_configure
-	fi
-}
-
-src_configure() {
-	tc-export_build_env BUILD_{CC,CPP}
-	export CC_FOR_BUILD="${BUILD_CC}"
-	export CPP_FOR_BUILD="${BUILD_CPP}"
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-
-		python_compile() {
-			emake -C "${BUILD_DIR}"/bindings/swig \
-				VPATH="${native_build}/lib" \
-				LIBS="${native_build}/lib/libaudit.la" \
-				_audit_la_LIBADD="${native_build}/lib/libaudit.la" \
-				_audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
-				USE_PYTHON3=true
-			emake -C "${BUILD_DIR}"/bindings/python/python3 \
-				VPATH="${S}/bindings/python/python3:${native_build}/bindings/python/python3" \
-				auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
-				USE_PYTHON3=true
-		}
-
-		local native_build="${BUILD_DIR}"
-		use python && python_foreach_impl python_compile
-	else
-		emake -C lib
-		emake -C auparse
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
-
-		python_install() {
-			emake -C "${BUILD_DIR}"/bindings/swig \
-				VPATH="${native_build}/lib" \
-				LIBS="${native_build}/lib/libaudit.la" \
-				_audit_la_LIBADD="${native_build}/lib/libaudit.la" \
-				_audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
-				USE_PYTHON3=true \
-				DESTDIR="${D}" install
-			emake -C "${BUILD_DIR}"/bindings/python/python3 \
-				VPATH="${S}/bindings/python/python3:${native_build}/bindings/python/python3" \
-				auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
-				USE_PYTHON3=true \
-				DESTDIR="${D}" install
-		}
-
-		local native_build=${BUILD_DIR}
-		use python && python_foreach_impl python_install
-
-		# things like shadow use this so we need to be in /
-		gen_usr_ldscript -a audit auparse
-	else
-		emake -C lib DESTDIR="${D}" install
-		emake -C auparse DESTDIR="${D}" install
-	fi
-}
-
-multilib_src_install_all() {
-	dodoc AUTHORS ChangeLog README* THANKS
-	docinto contrib
-	dodoc contrib/{avc_snap,skeleton.c}
-	use daemon && docinto contrib/plugin
-	use daemon && dodoc contrib/plugin/*
-	docinto rules
-	dodoc rules/*
-
-	use daemon && newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
-	use daemon && newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
-
-	if use daemon; then
-		[ -f "${ED}"/sbin/audisp-remote ] && \
-			dodir /usr/sbin && \
-			mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
-	fi
-
-	# Flatcar: We install our own rules.
-	insinto /usr/share/audit/rules.d
-	doins "${FILESDIR}"/rules.d/*.rules
-
-	# audit logs go here
-	use daemon && keepdir /var/log/audit/
-
-	find "${D}" -name '*.la' -delete || die
-
-	# Flatcar: Our systemd stuff.
-	systemd_newtmpfilesd "${FILESDIR}"/audit-rules.tmpfiles audit-rules.conf
-	systemd_dounit "${FILESDIR}"/audit-rules.service
-	systemd_enable_service multi-user.target audit-rules.service
-}

sdk_container/src/third_party/coreos-overlay/sys-process/audit/audit-3.0.6.ebuild

@@ -0,0 +1,156 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit autotools multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gssapi ldap python static-libs test"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="gssapi? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )
+	sys-libs/libcap-ng
+	python? ( ${PYTHON_DEPS} )"
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.34
+	test? ( dev-libs/check )"
+BDEPEND="python? ( dev-lang/swig:0 )"
+
+CONFIG_CHECK="~AUDIT"
+
+src_prepare() {
+	# audisp-remote moved in multilib_src_install_all
+	sed -i \
+		-e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
+		audisp/plugins/remote/au-remote.conf || die
+
+	# Disable installing sample rules so they can be installed as docs.
+	echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null
+
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local -a myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		$(use_enable gssapi gssapi-krb5)
+		$(use_enable ldap zos-remote)
+		$(use_enable static-libs static)
+		--enable-systemd
+		--without-golang
+		--without-python
+		--without-python3
+	)
+
+	ECONF_SOURCE=${S} econf "${myeconfargs[@]}"
+
+	if multilib_is_native_abi && use python; then
+		python_configure() {
+			mkdir -p "${BUILD_DIR}"
+			pushd "${BUILD_DIR}" &>/dev/null || die
+			ECONF_SOURCE=${S} econf "${myeconfargs[@]}" --with-python3
+			popd &>/dev/null || die
+		}
+		python_foreach_impl python_configure
+	fi
+}
+
+src_configure() {
+	tc-export_build_env BUILD_{CC,CPP}
+	local -x CC_FOR_BUILD="${BUILD_CC}"
+	local -x CPP_FOR_BUILD="${BUILD_CPP}"
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+
+		local native_build="${BUILD_DIR}"
+		python_compile() {
+			emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}"
+			emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}"
+		}
+		use python && python_foreach_impl python_compile
+	else
+		emake -C common
+		emake -C lib
+		emake -C auparse
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
+
+		local native_build="${BUILD_DIR}"
+		python_install() {
+			emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install
+			emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install
+			python_optimize
+		}
+		use python && python_foreach_impl python_install
+
+		# things like shadow use this so we need to be in /
+		gen_usr_ldscript -a audit auparse
+	else
+		emake -C lib DESTDIR="${D}" install
+		emake -C auparse DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc AUTHORS ChangeLog README* THANKS
+	docinto contrib
+	dodoc contrib/avc_snap
+	docinto contrib/plugin
+	dodoc contrib/plugin/*
+	docinto rules
+	dodoc rules/*rules
+
+	newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+	[ -f "${ED}"/sbin/audisp-remote ] && \
+	dodir /usr/sbin && \
+	mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+
+	# Gentoo rules
+	insinto /etc/audit
+	newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+	doins "${FILESDIR}"/audit.rules.stop*
+
+	# audit logs go here
+	keepdir /var/log/audit
+
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	# Security
+	lockdown_perms "${ED}"
+}
+
+pkg_postinst() {
+	lockdown_perms "${EROOT}"
+}
+
+lockdown_perms() {
+	# Upstream wants these to have restrictive perms.
+	# Should not || die as not all paths may exist.
+	local basedir="${1}"
+	chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
+	chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
+	chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+}

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit-2.4.3-python.patch

@@ -1,46 +0,0 @@
-diff -ur audit-2.4.3.orig/bindings/python/python2/Makefile.am audit-2.4.3/bindings/python/python2/Makefile.am
---- audit-2.4.3.orig/bindings/python/python2/Makefile.am	2015-07-22 23:35:24.315424091 +0800
-+++ audit-2.4.3/bindings/python/python2/Makefile.am	2015-07-22 23:37:16.861510504 +0800
-@@ -29,5 +29,6 @@
- 
- auparse_la_SOURCES = $(top_srcdir)/bindings/python/auparse_python.c
- auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS)
--auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
-+auparse_la_CFLAGS = -shared
-+auparse_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro
- auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la
-diff -ur audit-2.4.3.orig/bindings/python/python3/Makefile.am audit-2.4.3/bindings/python/python3/Makefile.am
---- audit-2.4.3.orig/bindings/python/python3/Makefile.am	2015-07-22 23:35:24.315424091 +0800
-+++ audit-2.4.3/bindings/python/python3/Makefile.am	2015-07-22 23:37:30.395400641 +0800
-@@ -28,5 +28,6 @@
- 
- auparse_la_SOURCES = $(top_srcdir)/bindings/python/auparse_python.c
- auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS)
--auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
-+auparse_la_CFLAGS = -shared
-+auparse_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro
- auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la
-diff -ur audit-2.4.3.orig/bindings/swig/python/Makefile.am audit-2.4.3/bindings/swig/python/Makefile.am
---- audit-2.4.3.orig/bindings/swig/python/Makefile.am	2015-07-22 23:35:24.316424083 +0800
-+++ audit-2.4.3/bindings/swig/python/Makefile.am	2015-07-22 23:35:53.244189263 +0800
-@@ -28,7 +28,7 @@
- pyexec_LTLIBRARIES = _audit.la
- pyexec_SOLIBRARIES = _audit.so
- _audit_la_CFLAGS = -shared
--_audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
-+_audit_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro
- _audit_la_HEADERS: $(top_builddir)/config.h 
- _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la
- _audit_la_LIBADD = $(top_builddir)/lib/libaudit.la
-diff -ur audit-2.4.3.orig/bindings/swig/python3/Makefile.am audit-2.4.3/bindings/swig/python3/Makefile.am
---- audit-2.4.3.orig/bindings/swig/python3/Makefile.am	2015-07-22 23:35:24.316424083 +0800
-+++ audit-2.4.3/bindings/swig/python3/Makefile.am	2015-07-22 23:36:27.833908482 +0800
-@@ -29,7 +29,7 @@
- py3exec_LTLIBRARIES = _audit.la
- py3exec_SOLIBRARIES = _audit.so
- _audit_la_CFLAGS = -shared
--_audit_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
-+_audit_la_LDFLAGS = -module -avoid-version -shared -Wl,-z,relro
- _audit_la_HEADERS: $(top_builddir)/config.h 
- _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la
- _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit-2.8.4-ia64-compile-fix.patch

@@ -1,195 +0,0 @@
---- a/audisp/audispd.c
-+++ b/audisp/audispd.c
-@@ -21,6 +21,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
---- a/audisp/plugins/prelude/audisp-prelude.c
-+++ b/audisp/plugins/prelude/audisp-prelude.c
-@@ -21,6 +21,8 @@
-  *
-  */
- 
-+#include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <stdlib.h>
- #include <signal.h>
---- a/audisp/plugins/remote/audisp-remote.c
-+++ b/audisp/plugins/remote/audisp-remote.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <signal.h>
- #include <syslog.h>
---- a/configure.ac
-+++ b/configure.ac
-@@ -216,6 +216,9 @@ AC_ARG_ENABLE(zos-remote,
- AM_CONDITIONAL(ENABLE_ZOS_REMOTE, test "x$enable_zos_remote" != "xno")
- AC_MSG_RESULT($enable_zos_remote)
- 
-+AC_CHECK_HEADER([asm/ptrace.h], [AC_DEFINE([HAVE_ASM_PTRACE_H],[],[Define to 1 if you have asm/ptrace.h])], [])
-+AC_CHECK_HEADER([linux/ptrace.h], [AC_DEFINE([HAVE_LINUX_PTRACE_H],[],[Define to 1 if you have linux/ptrace.h])], [])
-+
- #gssapi
- AC_ARG_ENABLE(gssapi_krb5,
- 	[AS_HELP_STRING([--enable-gssapi-krb5],[Enable GSSAPI Kerberos 5 support @<:@default=no@:>@])],
---- a/contrib/plugin/audisp-example.c
-+++ b/contrib/plugin/audisp-example.c
-@@ -37,6 +37,8 @@
-  */
- 
- #define _GNU_SOURCE
-+#include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <signal.h>
- #include <string.h>
---- a/contrib/skeleton.c
-+++ b/contrib/skeleton.c
-@@ -13,6 +13,8 @@
-  * gcc skeleton.c -o skeleton -laudit
-  */
- 
-+#include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/uio.h>
---- /dev/null
-+++ b/lib/fixup.h
-@@ -0,0 +1,17 @@
-+#ifndef _AUDIT_IA64_FIXUP_H_
-+#define _AUDIT_IA64_FIXUP_H_
-+
-+#ifdef __ia64__ /* what a pos */
-+# include <linux/types.h>
-+# define _ASM_IA64_FPU_H
-+#endif
-+#include <signal.h>
-+/*
-+#ifdef HAVE_ASM_PTRACE_H
-+# include <asm/ptrace.h>
-+#endif
-+#ifdef HAVE_LINUX_PTRACE_H
-+# include <linux/ptrace.h>
-+#endif
-+*/
-+#endif
---- a/src/auditctl.c
-+++ b/src/auditctl.c
-@@ -23,6 +23,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <stdlib.h>
- #include <stdbool.h>
---- a/src/auditd-config.c
-+++ b/src/auditd-config.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <unistd.h>
- #include <sys/stat.h>
---- a/src/auditd-dispatch.c
-+++ b/src/auditd-dispatch.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <unistd.h>
- #include <sys/uio.h>
- #include <fcntl.h>
---- a/src/auditd-event.c
-+++ b/src/auditd-event.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdlib.h>
- #include <unistd.h>
- #include <pthread.h>
---- a/src/auditd-listen.c
-+++ b/src/auditd-listen.c
-@@ -23,6 +23,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <unistd.h>
- #include <sys/stat.h>
---- a/src/auditd-reconfig.c
-+++ b/src/auditd-reconfig.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <pthread.h>
- #include <signal.h>
- #include <stdlib.h>
---- a/src/auditd-sendmail.c
-+++ b/src/auditd-sendmail.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <unistd.h>		// for access()
- #include <string.h>
---- a/src/auditd.c
-+++ b/src/auditd.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <sys/types.h>
- #include <unistd.h>
---- a/src/ausearch.c
-+++ b/src/ausearch.c
-@@ -22,6 +22,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <stdio_ext.h>
- #include <string.h>
---- a/src/autrace.c
-+++ b/src/autrace.c
-@@ -21,6 +21,7 @@
-  */
- 
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <string.h>
- #include <sys/wait.h>
---- a/src/delete_all.c
-+++ b/src/delete_all.c
-@@ -20,6 +20,7 @@
-  *      Steve Grubb <sgrubb@redhat.com>
-  */
- #include "config.h"
-+#include "fixup.h"
- #include <stdio.h>
- #include <string.h>
- #include <errno.h>

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit-rules.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Load Security Auditing Rules
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Conflicts=shutdown.target
-Before=sysinit.target shutdown.target
-ConditionSecurity=audit
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/sbin/augenrules --load
-ExecStop=-/sbin/auditctl -D
-
-[Install]
-WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit-rules.tmpfiles

@@ -1,5 +0,0 @@
-d   /etc/audit                          -   -   -   -   -
-d   /etc/audit/rules.d                  -   -   -   -   -
-L   /etc/audit/rules.d/00-clear.rules   -   -   -   -   /usr/share/audit/rules.d/00-clear.rules
-L   /etc/audit/rules.d/80-selinux.rules -   -   -   -   /usr/share/audit/rules.d/80-selinux.rules
-L   /etc/audit/rules.d/99-default.rules -   -   -   -   /usr/share/audit/rules.d/99-default.rules

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit.rules-2.1.3

@@ -0,0 +1,25 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit.rules.stop.post

@@ -0,0 +1,12 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/audit.rules.stop.pre

@@ -0,0 +1,15 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# Disable kernel generating audit events
+-e 0
+
+# vim:ft=conf:

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/rules.d/00-clear.rules

@@ -1,3 +0,0 @@
-# First rule - delete all
-# This is to clear out old rules, so we don't append to them.
--D

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/rules.d/80-selinux.rules

@@ -1,4 +0,0 @@
-# Enable all SELinux related events
-# 1400 to 1499 are for kernel SELinux use (see /include/uapi/linux/audit.h)
-
--a exclude,never -F msgtype>=1400 -F msgtype<=1499

sdk_container/src/third_party/coreos-overlay/sys-process/audit/files/rules.d/99-default.rules

@@ -1,5 +0,0 @@
-# Always report changes to the audit subsystem itself.
--a exclude,never -F msgtype=CONFIG_CHANGE
-
-# Ignore everything else.
--a exclude,always -F msgtype>0

sdk_container/src/third_party/coreos-overlay/sys-process/audit/metadata.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="project">
 		<email>selinux@gentoo.org</email>
@@ -10,4 +10,7 @@
 	<use>
 		<flag name="gssapi">Enable GSSAPI support</flag>
 	</use>
+	<upstream>
+		<remote-id type="github">linux-audit/audit-userspace</remote-id>
+	</upstream>
 </pkgmetadata>