augenrules: fixes for non-FHS-compliant systems#500
Merged
stevegrubb merged 4 commits intolinux-audit:masterfrom Dec 25, 2025
Merged
augenrules: fixes for non-FHS-compliant systems#500stevegrubb merged 4 commits intolinux-audit:masterfrom
stevegrubb merged 4 commits intolinux-audit:masterfrom
Conversation
We already use rm and mktemp from $PATH, it makes little sense to use an absolute path just for `ls`. It is part of coreutils too.
expecting a shell to be in `/bin/sh` is not super portable for non-FHS systems. While systemd does implicitly expect /bin/sh to exist, this may not be the case on systemd-less systems. `/usr/bin/env` is still an absolute path, but at least using env allows replacing the interpreter shell via $PATH.
This allows running augenrules even if auditctl was not installed to `/sbin/auditctl` at system-wide fs root. This may be the case e.g. on non-FHS-compliant systems, as well as during testing when installing to a temporary prefix.
14 tasks
Contributor
|
We're taking a break from the audit project. We'll look at this when we're back. |
Contributor
|
OK, thanks for your patience. Looks ok. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These changes are useful on FHS-noncompliant systems, such as NixOS.
Currently,
augenrulesis just broken. In an effort to align our package more closely with upstream, i wanted to make use of this script. However, its reliance on absolute paths is a detriment to that effort, requiring some patching:NixOS/nixpkgs@d54599d
Prefixing
$PATHis normal and common, but i would rather we don't need to replace paths toauditctlandls.