Re: auditing file based capabilities
On Monday 13 October 2008 10:04:27 Serge E. Hallyn wrote:
Except I think setcap should also be audited, so that if a task
receives
some inheritable capabilities, you can tell from the logs when that
happened and which executable did it.
Do you already have a patch for this?
Would an audit rule for setxattrs cover the setting?
-Steve