New audit-perms patch [ Re: Audit perms check on recv ]

Serge Hallyn serue at us.ibm.com
Wed Jan 5 17:27:22 UTC 2005


I'm sorry, I thought that by "we are already way off spec" you were
saying we shouldn't bother trying to follow the spec.

I'll come back with a new patch after I go read the draft, because the
meaning of CAP_AUDIT_CONTROL is not clear to me.

-serge

On Tue, 2005-01-04 at 14:01 -0800, Chris Wright wrote:
> * Darrel Goeddel (dgoeddel at trustedcs.com) wrote:
> > Serge E. Hallyn wrote:
> <snip>
> > > To review, it 
> > > 
> > >    1.  adds two new capabilities, CAP_AUDIT_READ and CAP_AUDIT_WRITE
> <snip>
> 
> > It would seem that separate CAP_AUDIT_ADMIN/CAP_AUDIT_WRITE capabilities are 
> > much more important than having a separate CAP_ADMIN_READ capability.  The 
> 
> I already suggested CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE for a good
> reason.  These are documented by the Posix draft defining capabilities.
> I see no good reason to stray from that.
> 
> thanks,
> -chris
-- 
Serge Hallyn <serue at us.ibm.com>




More information about the Linux-audit mailing list