From e9a8f48f315067f178139d27821b1fff2462de4b Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Wed, 29 Jul 2015 19:05:04 -0700
Subject: [PATCH] coreos-kernel: add use flag for controlling audit

---
 .../third_party/coreos-overlay/eclass/coreos-kernel.eclass  | 6 +++++-
 .../sys-kernel/coreos-kernel/files/amd64_defconfig-4.0      | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass
index 5d59e56ddf..23fac31698 100644
--- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass
@@ -18,7 +18,7 @@ HOMEPAGE="http://www.kernel.org"
 LICENSE="GPL-2 freedist"
 SLOT="0/${PVR}"
 SRC_URI=""
-IUSE="selinux"
+IUSE="audit selinux"
 
 DEPEND="=sys-kernel/coreos-sources-${COREOS_SOURCE_VERSION}
 	sys-kernel/bootengine:="
@@ -139,6 +139,10 @@ coreos-kernel_src_prepare() {
 }
 
 coreos-kernel_src_configure() {
+	if ! use audit; then
+		sed -i -e '/^CONFIG_CMDLINE=/s/"$/ audit=0"/' \
+			"${KBUILD_OUTPUT}/.config" || die
+	fi
 	if ! use selinux; then
 		sed -i -e '/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE/d' \
 			"${KBUILD_OUTPUT}/.config" || die
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.0 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.0
index 8bad3406d9..bdb2880d97 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.0
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.0
@@ -97,7 +97,7 @@ CONFIG_CRASH_DUMP=y
 CONFIG_KEXEC_JUMP=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
 CONFIG_CMDLINE_BOOL=y
-CONFIG_CMDLINE="init=/usr/lib/systemd/systemd rootflags=rw mount.usrflags=ro audit=0"
+CONFIG_CMDLINE="init=/usr/lib/systemd/systemd rootflags=rw mount.usrflags=ro"
 CONFIG_HIBERNATION=y
 # CONFIG_ACPI_AC is not set
 # CONFIG_ACPI_BATTERY is not set