audit-manager: enable logging.audit by default when libaudit support is available

Previously, when compiling NetworkManager with libaudit support, it
was disabled by default and only used after setting logging.audit=true.

Turn that around. If we compile NetworkManager with audit support, we also
enable it by default. The user can then explicitly disable it by
configuring logging.audit in NetworkManager.conf.

But also, add a configure option 'yes-disabled-by-default' to compile
with audit support, but have it disabled by default. This would be the
previous behavior, but it must be enabled explicitly.

Fixes: be49a59fb6

configure.ac

@@ -495,20 +495,30 @@ else
 fi
 
 # libaudit support
-AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit=yes|no|auto], [Build with audit daemon support (default: auto)]),,[with_libaudit=auto])
-if test "$with_libaudit" = "yes" -o "$with_libaudit" = "auto"; then
+AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit=yes|yes-disabled-by-default|no|auto], [Build with audit daemon support (default: auto). yes-disabled-by-default enables support, but disables it unless explicitly configured via NetworkManager.conf]),,[with_libaudit=auto])
+if test "$with_libaudit" = "yes" -o test "$with_libaudit" = "yes-disabled-by-default"-o "$with_libaudit" = "auto"; then
     PKG_CHECK_MODULES(LIBAUDIT, audit, [have_libaudit=yes], [have_libaudit=no])
+    if test "$with_libaudit" != "auto" -a "$have_libaudit" = "no"; then
+        AC_MSG_ERROR([You must have libaudit installed to build --with-libaudit=$with_libaudit.])
+    fi
 else
     have_libaudit=no
 fi
-if test "$with_libaudit" = "yes" -a "$have_libaudit" = "no"; then
-    AC_MSG_ERROR([You must have libaudit installed to build --with-libaudit=yes.])
-fi
 if test "$have_libaudit" = "yes"; then
     AC_DEFINE(HAVE_LIBAUDIT, 1, [Define if you have libaudit support])
+	if test "$with_libaudit" = "yes-disabled-by-default"; then
+		AC_DEFINE(NM_CONFIG_DEFAULT_LOGGING_AUDIT, FALSE, [The default value of the logging.audit configuration option])
+		NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT='false'
+	else
+		AC_DEFINE(NM_CONFIG_DEFAULT_LOGGING_AUDIT, TRUE,  [The default value of the logging.audit configuration option])
+		NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT='true'
+	fi
 else
     AC_DEFINE(HAVE_LIBAUDIT, 0, [Define if you have libaudit support])
+	AC_DEFINE(NM_CONFIG_DEFAULT_LOGGING_AUDIT, FALSE, [The default value of the logging.audit configuration option])
+    NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT='false'
 fi
+AC_SUBST(NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT)
 
 # libnl support for the linux platform
 PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0)

man/NetworkManager.conf.xml.in

@@ -491,7 +491,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
 	  auditd, the audit daemon.  If <literal>false</literal>, audit
 	  records will be sent only to the NetworkManager logging
 	  system. If set to <literal>true</literal>, they will be also
-	  sent to auditd.  The default value is <literal>false</literal>.
+	  sent to auditd.  The default value is <literal>@NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT@</literal>.
 	  </para></listitem>
 	</varlistentry>
       </variablelist>

src/nm-audit-manager.c

@@ -290,7 +290,8 @@ init_auditd (NMAuditManager *self)
 	NMConfigData *data = nm_config_get_data (priv->config);
 
 	if (nm_config_data_get_value_boolean (data, NM_CONFIG_KEYFILE_GROUP_LOGGING,
-	                                      NM_CONFIG_KEYFILE_KEY_AUDIT, FALSE)) {
+	                                      NM_CONFIG_KEYFILE_KEY_AUDIT,
+	                                      NM_CONFIG_DEFAULT_LOGGING_AUDIT)) {
 		if (priv->auditd_fd < 0) {
 			priv->auditd_fd = audit_open ();
 			if (priv->auditd_fd < 0) {