98fdd520a0
This patch disables all of the discretionary access control (DAC) auditing in auditd. This should reduce the volume of logs created during deployments and during OpenStack CI jobs. The patch also corrects an incorrect key in the audit logs for V-38568. Closes-Bug: 1620849 Change-Id: I193f739647cfb7d0ce395984b51867bf6bd46cd8
365 B
365 B
Exception
The audit rules for permission changes made with
fchownat are disabled by default as they can generate an
excessive amount of logs in a short period of time, especially during a
deployment.
Deployers can enable auditing for fchownat usage by
setting the following Ansible variable:
security_audit_DAC_fchownat: yes