summaryrefslogtreecommitdiff
path: root/units
diff options
context:
space:
mode:
Diffstat (limited to 'units')
-rw-r--r--units/systemd-journald-audit.socket18
-rw-r--r--units/systemd-journald.service.in6
2 files changed, 21 insertions, 3 deletions
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket
new file mode 100644
index 0000000000..ce849da046
--- /dev/null
+++ b/units/systemd-journald-audit.socket
@@ -0,0 +1,18 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Audit Socket
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+
+[Socket]
+Service=systemd-journald.service
+ReceiveBuffer=128M
+ListenNetlink=audit 1
+PassCredentials=yes
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index 4de38fad59..7ee67fd000 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -10,17 +10,17 @@ Description=Journal Service
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Requires=systemd-journald.socket
-After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
+After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
Before=sysinit.target
[Service]
-Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
ExecStart=@rootlibexecdir@/systemd-journald
Restart=always
RestartSec=0
NotifyAccess=all
StandardOutput=null
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-13 08:05:24 +0000