Trying to make a bootable persistent USB-flash-key and are mounting as many folder as possible to tmpfs e.g.:
tmpfs /tmp tmpfs defaults,noatime,nosuid,size=1024m 0 0
tmpfs /var/tmp tmpfs defaults,noatime,nosuid,size=30m 0 0
tmpfs /var/log tmpfs defaults,noatime,nosuid,mode=0755,size=200m 0 0
tmpfs /var/run tmpfs defaults,noatime,nosuid,mode=0755,size=100m 0 0
In other distros the worked fine but RHEL’ish seem to require the existence of /var/log/audit/ and/or /var/log/audit/audit.log for the audit daemon to start.
I tried to come around it by modifying /etc/audit/auditd.conf:
#log_file = /var/log/audit/audit.log
log_file = /var/log/audit.log
But I still get errors in the journal log:
auditd[599]: Unable to create /var/log/audit.log (Permission denied)
Dec 06 07:21:49 COS-SDK-01 auditd[599]: Couldn't create log file /var/log/audit.log (Permission denied)
Dec 06 07:21:49 COS-SDK-01 auditd[599]: The audit daemon is exiting.
Dec 06 07:21:49 COS-SDK-01 auditd[598]: Cannot daemonize (No child processes)
I then changed the mount permission if fstab to 0777 (read, write, execute to all) but it didn’t help.
Any trick to solve this?
UPDATE:
It’s just a utility/maintenance USB-stick, so I guess I don’t need the audit-daemon so I tried to disable auto-start of the daemon and everything seem to run fine, not sure what it’s for, but “audit” smell like something I don’t need for a util stick.