Hi,
We're starting to see bug reports of SELinux denials with no audit
messages in FC4/devel due to the fact that the audit capabilities are
checked on the receive side via a direct cap_raised() test on the
effective capability set saved earlier by the netlink_send hook. This
manifests as programs failing in enforcing mode and working in
permissive mode, but no audit messages being generated. I know there
was an earlier rfc/patch by Chris to allow moving the netlink message
checking to the send side via a new callback, which would allow us to
perform a traditional capable() call rather than a direct cap_raised()
test and thus have the usual auditing behavior for SELinux there. Is
that stalled?
--
Stephen Smalley
National Security Agency
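The detection gap described in the message (a denial that never produces an audit record because the receive side tests a saved capability bitmask directly instead of calling capable()) can be modelled in user space. The following is an added example, not kernel code and not the patch referred to above: it assumes a toy `struct task` and `struct skb`, a one-line audit log, and the real Linux bit number for CAP_NET_ADMIN (12); everything else is a simplified model of the two check paths.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (not kernel code): a capability set is one 32-bit mask. */
typedef uint32_t kernel_cap_t;
#define CAP_NET_ADMIN 12                         /* Linux bit number */
#define CAP_TO_MASK(c) ((kernel_cap_t)1u << (c))

struct task { kernel_cap_t cap_effective; };     /* sender's effective set */
struct skb  { kernel_cap_t eff_cap; };           /* snapshot saved at send time */

/* Minimal audit log: number of denial records and the last one written. */
static int  audit_records;
static char last_audit[96];

static void reset_audit(void) { audit_records = 0; last_audit[0] = '\0'; }

static void audit_log_denial(const char *where, int cap) {
    audit_records++;
    snprintf(last_audit, sizeof last_audit,
             "avc: denied { capability } cap=%d via %s", cap, where);
}

/* Direct bitmask test: answers the question but records nothing. */
static bool cap_raised(kernel_cap_t caps, int cap) {
    return (caps & CAP_TO_MASK(cap)) != 0;
}

/* Traditional capable(): same decision, but a denial is audited. */
static bool capable(const struct task *t, int cap) {
    if (cap_raised(t->cap_effective, cap))
        return true;
    audit_log_denial("capable()", cap);
    return false;
}

/* netlink_send hook: copy the sender's effective set into the skb. */
static void netlink_send_hook(const struct task *t, struct skb *s) {
    s->eff_cap = t->cap_effective;
}

/* Receive side as described in the message: silent test on the saved set. */
static bool netlink_recv_check_direct(const struct skb *s, int required_cap) {
    return cap_raised(s->eff_cap, required_cap);
}

/* Send-side check via capable(): the denial now leaves an audit record. */
static bool netlink_send_check_audited(const struct task *t, int required_cap) {
    return capable(t, required_cap);
}

/* Run one message through either path.
 * Returns 0 if allowed, 1 if denied silently, 2 if denied with an audit record. */
static int run_scenario(bool audited_path, kernel_cap_t effective) {
    struct task t = { .cap_effective = effective };
    struct skb  s = { 0 };
    reset_audit();
    netlink_send_hook(&t, &s);
    bool ok = audited_path ? netlink_send_check_audited(&t, CAP_NET_ADMIN)
                           : netlink_recv_check_direct(&s, CAP_NET_ADMIN);
    if (ok)
        return 0;
    return audit_records > 0 ? 2 : 1;
}

int main(void) {
    /* Unprivileged sender, current path: denied, nothing in the audit log. */
    printf("direct  : result=%d audit_records=%d\n", run_scenario(false, 0), audit_records);
    /* Unprivileged sender, capable() path: denied, and a record explains why. */
    printf("capable : result=%d audit_records=%d %s\n", run_scenario(true, 0),
           audit_records, last_audit);
    /* Privileged sender: both paths allow, neither logs. */
    printf("allowed : result=%d\n", run_scenario(true, CAP_TO_MASK(CAP_NET_ADMIN)));
    return 0;
}
```

The first scenario is the symptom from the bug reports: the operation fails with no trace for the administrator to find, which is why it only shows up as "works in permissive, fails in enforcing". Moving the same decision behind capable() does not change who is allowed, only whether the denial is recorded.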