audit capability checks not audited
David Woodhouse
dwmw2 at infradead.org
Tue May 17 13:04:03 UTC 2005
On Tue, 2005-05-17 at 08:27 -0400, Stephen Smalley wrote:
> I know there was an earlier rfc/patch by Chris to allow moving the
> netlink message checking to the send side via a new callback, which
> would allow us to perform a traditional capable() call rather than a
> direct cap_raised() test and thus have the usual auditing behavior for
> SELinux there. Is that stalled?
It was decided at the time that there was insufficient reason to make
such a change. I don't remember whether Chris had updated and completed
the patch by then or not; I suspect not.
--
dwmw2
More information about the Linux-audit
mailing list