3c19f00a7f
This patch adds the right tags to each piece of metadata and corrects small errors found in the deployer notes. Closes-bug: 1595669 Change-Id: Ic04aaad85ebf111be5a0bdb01a350442fdea1433
401 B
401 B
---id: V-38557 status: opt-in tag: auditd ---
The audit rules for permission changes made with
fsetxattr are disabled by default as they can generate an
excessive amount of logs in a short period of time, especially during a
deployment.
Deployers can enable auditing for fsetxattr usage by
setting the following Ansible variable:
security_audit_DAC_fsetxattr: yes