Use auditd to process AppArmor/audit logs (#3885)

Use auditd so logs from AppArmor and other audit events are processed by that
instead of printed to the Systemd journal. This will reduce the log spam from
BPF usually present in host logs and still preserve the audit logs for
debugging.

The default configs seems to be sane for our purpose, rotating up to 5 files of
8MiB each. The difference is that /var/log/audit will be now on tmpfs but given
how AppArmor is used on typical HA setup, we don't need to preserve the logs
over reboots.

buildroot-external/configs/generic_aarch64_defconfig

@@ -135,6 +135,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_OPENVMTOOLS=y

buildroot-external/configs/generic_x86_64_defconfig

@@ -135,6 +135,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_OPENVMTOOLS=y

buildroot-external/configs/green_defconfig

@@ -114,6 +114,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/khadas_vim3_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/odroid_c2_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/odroid_c4_defconfig

@@ -107,6 +107,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/odroid_m1_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/odroid_m1s_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/odroid_n2_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/odroid_xu4_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/ova_defconfig

@@ -138,6 +138,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_OPENVMTOOLS=y

buildroot-external/configs/rpi2_defconfig

@@ -112,6 +112,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/rpi3_64_defconfig

@@ -113,6 +113,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/rpi3_defconfig

@@ -114,6 +114,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/rpi4_64_defconfig

@@ -114,6 +114,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/rpi4_defconfig

@@ -113,6 +113,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/rpi5_64_defconfig

@@ -112,6 +112,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/tinker_defconfig

@@ -109,6 +109,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y

buildroot-external/configs/yellow_defconfig

@@ -116,6 +116,7 @@ BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y
 BR2_PACKAGE_APPARMOR=y
 BR2_PACKAGE_APPARMOR_PROFILES=y
 BR2_PACKAGE_TINI=y
+BR2_PACKAGE_AUDIT=y
 BR2_PACKAGE_DOCKER_CLI=y
 BR2_PACKAGE_DOCKER_ENGINE=y
 BR2_PACKAGE_PROCPS_NG=y