audit: Disable by default

Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710).
This commit is contained in:
Tuomas Tynkkynen 2016-08-22 18:11:53 +03:00
parent 5eff0b990c
commit 16b3e26da4

View File

@ -55,7 +55,7 @@ in {
security.audit = {
enable = mkOption {
type = types.enum [ false true "lock" ];
default = true; # The kernel seems to enable it by default with no rules anyway
default = false;
description = ''
Whether to enable the Linux audit system. The special `lock' value can be used to
enable auditing and prevent disabling it until a restart. Be careful about locking