GitList

Browse code

kernels: linux-esx: Enable audit support

In a bosh stemcell, upon booting, the bosh agent tries to start the
auditd service. When using a Photon OS stemcell with the linux-esx
kernel, the auditd service fails to run because the support for audit
netlink sockets is disabled in the kernel. As a result, the bosh agent
gets confused and goes into an agent restart loop and causes the VM to
get stuck in an unmanageable state. So enable CONFIG_AUDIT in
linux-esx to fix this.

Change-Id: I3e4e5f0ede61ac792557eea448f9df12291f0980
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4539
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>

Srivatsa S. Bhat authored on 2017/12/20 09:50:42
Showing 2 changed files

SPECS/linux/config-esx index ec3b34f..8d75a69 100644
SPECS/linux/linux-esx.spec index c9a2490..1c1d1fd 100644

SPECS/linux/config-esx

History View file @ c915e52

@@ -1,6 +1,6 @@
+                     #
                      # Automatically generated file; DO NOT EDIT.
                     -# Linux/x86 4.9.64 Kernel Configuration
                     +# Linux/x86 4.9.66 Kernel Configuration
+                     #
                      CONFIG_64BIT=y
                      CONFIG_X86_64=y
@@ -76,8 +76,11 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y
                      # CONFIG_CROSS_MEMORY_ATTACH is not set
                      CONFIG_FHANDLE=y
                      # CONFIG_USELIB is not set
                     -# CONFIG_AUDIT is not set
                     +CONFIG_AUDIT=y
                      CONFIG_HAVE_ARCH_AUDITSYSCALL=y
                     +CONFIG_AUDITSYSCALL=y
                     +CONFIG_AUDIT_WATCH=y
                     +CONFIG_AUDIT_TREE=y
+                     #
                      # IRQ subsystem
@@ -850,6 +853,7 @@ CONFIG_NETFILTER_XT_SET=m
+                     #
                      # Xtables targets
+                     #
                     +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
                      CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
                      CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
                      CONFIG_NETFILTER_XT_TARGET_CONNMARK=m

SPECS/linux/linux-esx.spec

History View file @ c915e52

@@ -2,7 +2,7 @@
                      Summary:        Kernel
                      Name:           linux-esx
                      Version:        4.9.66
                     -Release:        1%{?dist}
                     +Release:        2%{?dist}
                      License:        GPLv2
                      URL:            http://www.kernel.org/
                      Group:          System Environment/Kernel
@@ -198,6 +198,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
                      /usr/src/linux-headers-%{uname_r}
                      %changelog
                     +*   Mon Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-2
                     +-   Enable audit support (CONFIG_AUDIT=y)
                      *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1
                      -   Version update
                      *   Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1