* Serge E. Hallyn (serue(a)us.ibm.com) wrote:
> I wasn't. Certainly from a capability.ko point of view we would want
> PF_SUPERPRIV set if an AUDIT_ADD is done. On the other hand, asking all
> security modules to authorize CAP_SYS_ADMIN for the audit role seems
> misguided if we eventually want to create a separate audit role.
role or capability? if latter, yes, we do. CAP_SYS_ADMIN is an
abomination ;-)
thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net