audit/readonly.patch

diff --git a/audit.spec b/audit.spec
index 39f640e36..313d803f1 100644
--- a/audit.spec
+++ b/audit.spec
@@ -215,6 +215,7 @@ fi
 %attr(755,root,root) %{_bindir}/aulast
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
+%attr(640,root,root) %{_tmpfilesdir}/audit.conf
 %attr(755,root,root) %{_bindir}/auvirt
 %attr(644,root,root) %{_unitdir}/auditd.service
 %attr(750,root,root) %dir %{_libexecdir}/initscripts/legacy-actions/auditd
diff --git a/init.d/Makefile.am b/init.d/Makefile.am
index 3a73697a6..63fae2ab4 100644
--- a/init.d/Makefile.am
+++ b/init.d/Makefile.am
@@ -23,6 +23,7 @@
 
 CONFIG_CLEAN_FILES = *.rej *.orig
 EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \
+	audit-tmpfiles.conf \
 	auditd.cron libaudit.conf auditd.condrestart \
 	auditd.reload auditd.restart auditd.resume \
 	auditd.rotate auditd.state auditd.stop \
@@ -43,6 +44,8 @@ sbin_SCRIPTS = augenrules
 
 install-data-hook:
 	$(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
+	mkdir -p ${DESTDIR}$(prefix)/lib/tmpfiles.d/
+	$(INSTALL_DATA) -m 640 ${srcdir}/audit-tmpfiles.conf ${DESTDIR}$(prefix)/lib/tmpfiles.d/audit.conf
 if ENABLE_SYSTEMD
 else
 	$(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd
@@ -69,6 +72,7 @@ endif
 
 uninstall-hook:
 	rm ${DESTDIR}${sysconfdir}/${libconfig}
+	rm ${DESTDIR}$(prefix)/lib/tmpfiles.d/audit.conf
 if ENABLE_SYSTEMD
 	rm ${DESTDIR}${initdir}/auditd.service
 	rm ${DESTDIR}${legacydir}/rotate
diff --git a/init.d/audit-tmpfiles.conf b/init.d/audit-tmpfiles.conf
new file mode 100644
index 000000000..5512a535a
--- /dev/null
+++ b/init.d/audit-tmpfiles.conf
@@ -0,0 +1 @@
+d /var/log/audit 0700 root root - -