This includes the `auditd` binary and systemd unit as part of the
distro. While journald is also able to handle logs from the Linux audit
subsystem, auditd provides audit-specific capabilities that are
necessary in deployments subject to regulatory compliance.
For one, an administrator is able to configure audit log writing policy
to ensure that logs land on disk and nothing is missed (`flush`). We
wouldn't want such policy through journald as it would sync and ensure
all logs which might be undesirable and too resource intensive. In
short, this allows us to configure different management policies for
audit logs compared to general logs.
It allows us to explicitly configure the node's reaction to errors such
as the disk being full, the disk having other issues or space constraints.
While Flatcar is not Common Criteria certified which would require the
system to shut down if audit logs present issues (not written or
collected), some FedRAMP environments do require actions such as
notifications (which could be achieved via syslog). This can be
explicitly done with auditd as well.
Co-authored-by: Kai Lüke <pothos@users.noreply.github.com>
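
The following check is an added example, not part of the commit above or of Flatcar: it lints an `auditd.conf` for the flush and disk-condition settings the message refers to. The sample file and the policy (flag `flush = none`, any `ignore` action, and keys left unset) are assumptions made for illustration.

```python
# Constructed sample auditd.conf for illustration (not Flatcar's shipped file).
SAMPLE_CONF = """\
# constructed example
log_file = /var/log/audit/audit.log
flush = none
freq = 50
space_left = 75
space_left_action = ignore
admin_space_left_action = SUSPEND
disk_full_action = SYSLOG
"""

# Assumed policy: values that leave records unflushed or ignore the condition.
WEAK = {
    "flush": {"none"},
    "space_left_action": {"ignore"},
    "admin_space_left_action": {"ignore"},
    "disk_full_action": {"ignore"},
    "disk_error_action": {"ignore"},
}


def parse_auditd_conf(text):
    """Return {key: value}, lower-cased; skips blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().lower()
    return settings


def audit_findings(text):
    """List (key, reason) pairs for settings that fail the assumed policy."""
    settings = parse_auditd_conf(text)
    findings = []
    for key, weak in WEAK.items():
        value = settings.get(key)
        if value is None:
            findings.append((key, "not set explicitly"))
        elif value in weak:
            findings.append((key, f"'{value}' does not act on the condition"))
    return findings


if __name__ == "__main__":
    for key, reason in audit_findings(SAMPLE_CONF):
        print(f"{key}: {reason}")
```
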
- Consolidate them (so enabling selinux and disabling hybrid cgroups
was moved).
- Remove outdated masks (arm64 does not mask any use flags any more)
and use flags (ssl was replaced in favor of +openssl and gnutls,
introspection is gone).
- Add gnuefi (for bootctl, earlier it was built if we requested
general efi support, now it's built when support also for gnu-efi is
requested).
Fix build issues when building firmware 20220209 by bumping the cxgb4
firmware version to 1.26.6.0. Without that, build fails like:
```
* Scanning for files required by 5.15.22-flatcar
* Missing firmware: cxgb4/t6fw.bin (cxgb4.ko.xz)
* Missing firmware: cxgb4/t5fw.bin (cxgb4.ko.xz)
* Missing firmware: cxgb4/t4fw.bin (cxgb4.ko.xz)
```
Update net-analyzer/netperf to 2.7.0-r3, as needed by gcc 10.
Without that update, build fails like:
```
/usr/libexec/gcc/x86_64-cros-linux-gnu/ld:
nettest_omni.o:.../src/nettest_omni.c:455: multiple definition of `loc_nodelay';
nettest_omni.o:.../src/nettest_omni.c:455: multiple definition of `loc_nodelay';
nettest_bsd.o:.../src/nettest_bsd.c:206: first defined here
```
Update sys-apps/kexec-tools to 2.0.22, as needed by gcc 10.
Without that update, build fails like:
```
/usr/libexec/gcc/x86_64-cros-linux-gnu/ld:
kexec/arch/x86_64/kexec-bzImage64.o:.../kexec/arch/x86_64/kexec-bzImage64.c:45:
multiple definition of `bzImage_support_efi_boot';
kexec/arch/i386/kexec-bzImage.o:.../kexec/arch/i386/kexec-bzImage.c:43:
first defined here
```
Update sys-power/iasl to 20200717, as needed by gcc 10.
Without that update, build fails like:
```
.../x86_64-pc-linux-gnu/bin/ld: obj/aslcompilerparse.o:(.bss+0x8):
multiple definition of `AslCompilerlval';
obj/aslcompilerlex.o:(.bss+0x8): first defined here
.../x86_64-pc-linux-gnu/bin/ld: obj/prparserlex.o:(.bss+0x0):
multiple definition of `LexBuffer';
obj/dtparserlex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
```
Update sys-fs/squashfs-tools to 4.5_p20210914, as needed by gcc 10.
Without that update, build fails like:
```
.../x86_64-pc-linux-gnu/bin/ld: read_fs.o:(.bss+0x0):
multiple definition of `fwriter_buffer';
mksquashfs.o:(.bss+0x400be8): first defined here
```