type=USER_ROLE_CHANGE

Steve Grubb sgrubb at redhat.com
Sun Jul 16 12:41:43 UTC 2006


On Thursday 13 July 2006 17:03, Michael C Thompson wrote:
> In doing some tests, I've noticed that the USER_ROLE_CHANGE audit record
> is associated with both newrole, and semanage user -[ad].

semanage should also be using these:

#define AUDIT_ROLE_ASSIGN            2301 /* Admin assigned user to role */
#define AUDIT_ROLE_REMOVE          2302 /* Admin removed user from role */

USER_ROLE_CHANGE should only be used when newrole is used. If semanage needs 
more record types let me know.

-Steve




More information about the Linux-audit mailing list