> It seems like other trusted programs (at least cron) will also have this
> problem of a server generating messages on behalf of a user and needing
> to pass audit records into the kernel with that user's information.

Cron doesn't generate any messages to the kernel. The kernel observes any
violation and records it with the right credentials.

I was wondering about the case where the cron job generates an
audit record but I just tried an experiment and crond uses pam to
set the auid for the cron job so any audit records issued by the cron
job have an auid that matches the user's uid. I wonder if cups
could/should do something similar.
-- ljk