New audit-perms patch [ Re: Audit perms check on recv ]
Serge Hallyn
serue at us.ibm.com
Thu Jan 6 16:40:18 UTC 2005
Hi,
So to be clear, are the following associations correct?
AUDIT_GET: no capability
AUDIT_LIST: no capability
AUDIT_USER: CAP_AUDIT_WRITE
AUDIT_LOGIN: CAP_AUDIT_WRITE
AUDIT_SET: CAP_AUDIT_CONTROL
AUDIT_ADD: CAP_AUDIT_CONTROL
AUDIT_DEL: CAP_AUDIT_CONTROL
thanks,
-serge
On Wed, 2005-01-05 at 09:25 -0800, Chris Wright wrote:
> * Serge Hallyn (serue at us.ibm.com) wrote:
> > I'm sorry, I thought that by "we are already way off spec" you were
> > saying we shouldn't bother trying to follow the spec.
>
> Ah, sorry. I meant we were way off spec already, but no need to add new
> bits that are off spec if they are already specified in the draft.
>
> > I'll come back with a new patch after I go read the draft, because the
> > meaning of CAP_AUDIT_CONTROL is not clear to me.
>
> CAP_AUDIT_CONTROL is what you'd think of if it were CAP_AUDIT_ADMIN. It
> means you can control the auditing subsytem (turn it on/off, etc).
>
> thanks,
> -chris
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list