New audit-perms patch [ Re: Audit perms check on recv ]

Serge Hallyn serue at us.ibm.com
Thu Jan 6 16:40:18 UTC 2005


Hi,

So to be clear, are the following associations correct?

AUDIT_GET:  no capability
AUDIT_LIST: no capability
AUDIT_USER: CAP_AUDIT_WRITE
AUDIT_LOGIN: CAP_AUDIT_WRITE
AUDIT_SET: CAP_AUDIT_CONTROL
AUDIT_ADD: CAP_AUDIT_CONTROL
AUDIT_DEL: CAP_AUDIT_CONTROL

thanks,
-serge

On Wed, 2005-01-05 at 09:25 -0800, Chris Wright wrote:
> * Serge Hallyn (serue at us.ibm.com) wrote:
> > I'm sorry, I thought that by "we are already way off spec" you were
> > saying we shouldn't bother trying to follow the spec.
> 
> Ah, sorry.  I meant we were way off spec already, but no need to add new
> bits that are off spec if they are already specified in the draft.
> 
> > I'll come back with a new patch after I go read the draft, because the
> > meaning of CAP_AUDIT_CONTROL is not clear to me.
> 
> CAP_AUDIT_CONTROL is what you'd think of if it were CAP_AUDIT_ADMIN.  It
> means you can control the auditing subsystem (turn it on/off, etc).
> 
> thanks,
> -chris
-- 
Serge Hallyn <serue at us.ibm.com>



