| 7 Oct 2025 |
 Grimmauld (any/all) | people running hardened kernel probably need to meet some compliance stuff, and if audit is broken that isn't good in that environment... | 17:02:59 |
| Grimmauld (any/all) | tbh i am more and more tempted to just patch out the asan bit from audit... | 17:03:48 |
 Lun | apparently ubuntu is defaulting mmap_rnd_bits 32, wonder what they did for audit | 17:04:15 |
| Grimmauld (any/all) | i can go look | 17:04:28 |
| Grimmauld (any/all) | but they may not even do audit, they have their apparmor and they shoehorn everything into that | 17:04:46 |
| Grimmauld (any/all) | huh, they just use the debian package | 17:05:48 |
| Grimmauld (any/all) | time to look at that | 17:05:56 |
 K900 | NOPE WE'RE DOING THIS AGAIN | 17:07:59 |
| Grimmauld (any/all) | ugh, is salsa down? | 17:08:06 |
| Lun | I can reach it | 17:09:49 |
 Randy Eckenrode | I saw the ping, but I wasn’t sure what change is needed as a follow up. | 17:11:39 |
| K900 | https://github.com/NixOS/nixpkgs/pull/449572 | 17:13:15 |
| K900 | Don't merge just yet | 17:13:18 |
| K900 | But soon | 17:13:19 |
| Grimmauld (any/all) | nothing special about asan in the ubuntu/debian package either | 17:18:59 |
| Grimmauld (any/all) | good news:
diff --git a/nixos/tests/audit.nix b/nixos/tests/audit.nix
index d3fc558aeec8..a90ef85f117f 100644
--- a/nixos/tests/audit.nix
+++ b/nixos/tests/audit.nix
@@ -18,6 +18,7 @@
];
backlogLimit = 512;
};
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
security.auditd = {
enable = true;
plugins.af_unix.active = true;
and the VM test still passes
| 17:23:08 |
| Grimmauld (any/all) | so this likely does not actually affect users | 17:23:16 |
| Grimmauld (any/all) | diff --git a/auparse/test/Makefile.am b/auparse/test/Makefile.am
index 0692843..f1405eb 100644
--- a/auparse/test/Makefile.am
+++ b/auparse/test/Makefile.am
@@ -33,12 +33,7 @@ DISTCLEANFILES = $(CLEANFILES)
AM_CPPFLAGS = -I${top_srcdir}/auparse -I${top_srcdir}/lib -I${top_srcdir}/common \
-I${top_srcdir}/src
-if HAVE_ASAN
-AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS} ${ASAN_FLAGS}
-AM_LDFLAGS = ${ASAN_FLAGS}
-else
AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS}
-endif
STATIC_LINK = -static
lookup_test_SOURCES = lookup_test.c
does the build succeed with this patch against audit?
| 17:26:16 |
| Grimmauld (any/all) | if that works, thats what i'll go do | 17:26:41 |
| Grimmauld (any/all) | because thats just asan for the test | 17:26:53 |
 Willi Butz | still waiting for the build with pkgsLLVM to complete, need more cores at home :'( | 17:27:05 |
| Grimmauld (any/all) | fair enough | 17:27:12 |
| Grimmauld (any/all) | no worries, i am asking you to do it, so i can't complain. Take your time | 17:27:40 |
| Willi Butz | (actually just looked up prices for potential upgrades ^^) | 17:27:46 |
| K900 | Zen6 when | 17:29:19 |
 Vladimír Čunát | Zen5 isn't bad. 24 cores on my current notebook. | 17:30:09 |
| Vladimír Čunát | * Zen5 isn't bad. 24 cores on my current (thin) notebook. | 17:30:26 |
| K900 | 24 threads | 17:33:05 |
| K900 | I'm running out of 32 threads of Zen4 here :( | 17:33:17 |
| K900 | https://github.com/NixOS/nixpkgs/pull/449577 featuring the triumphant return of the cube | 17:33:57 |
