Two netlink patches
Stephen Smalley
sds at epoch.ncsc.mil
Thu Dec 16 12:49:12 UTC 2004
On Wed, 2004-12-15 at 18:07, Chris Wright wrote:
> * Chris Wright (chrisw at osdl.org) wrote:
> > CAP_SYS_AUDIT?
>
> OK, well, Posix (withdrawn draft) specifies CAP_AUDIT_CONTROL and
> CAP_AUDIT_WRITE.
Given the shortage of available capability bits, I'd think you would
only want to take at most one for audit. You can always provide
finer-grained controls via other security modules, as in SELinux's
checking upon netlink_send.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list