New audit-perms patch [ Re: Audit perms check on recv ]
Serge Hallyn
serue at us.ibm.com
Wed Jan 5 17:27:22 UTC 2005
I'm sorry, I thought that by "we are already way off spec" you were
saying we shouldn't bother trying to follow the spec.
I'll come back with a new patch after I go read the draft, because the
meaning of CAP_AUDIT_CONTROL is not clear to me.
-serge
On Tue, 2005-01-04 at 14:01 -0800, Chris Wright wrote:
> * Darrel Goeddel (dgoeddel at trustedcs.com) wrote:
> > Serge E. Hallyn wrote:
> <snip>
> > > To review, it
> > >
> > > 1. adds two new capabilities, CAP_AUDIT_READ and CAP_AUDIT_WRITE
> <snip>
>
> > It would seem that separate CAP_AUDIT_ADMIN/CAP_AUDIT_WRITE capabilities are
> > much more important than having a separate CAP_ADMIN_READ capability. The
>
> I already suggested CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE for a good
> reason. These are documented by the Posix draft defining capabilities.
> I see no good reason to stray from that.
>
> thanks,
> -chris
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list