[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



* Serge E. Hallyn (serue us ibm com) wrote:
> I wasn't.  Certainly from a capability.ko point of view we would want
> PF_SUPERPRIV set if an AUDIT_ADD is done.  On the other hand, asking all
> security modules to authorize CAP_SYS_ADMIN for the audit role seems
> misguided if we eventually want to create a separate audit role.

role or capability?  if latter, yes, we do.  CAP_SYS_ADMIN is an
abomination ;-)

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]