--- Steve Beattie <sbeattie(a)suse.de> wrote:

Ah, thanks Stephen and Casey, for explaining the reasoning. It does have the unfortunate side effect of causing CAP_AUDIT_CONTROL to be needed more widely than one might expect.

The appropriate granularity of capabilities has always been and will always be a contentious issue, with the fashion shifting whimsically. Writing audit records is pretty clearly a different beast than setting audit attributes, but since there is significant overlap between the programs that set audit state and those that write audit records you could make a case for either making a separate capability for setting the loginid or for having a single CAP_AUDIT. Heck, at one time or another I've argued each way. I expect that the current granularity is sufficiently obvious and useful to leave alone, at least for the time being.

Casey Schaufler
casey(a)schaufler-ca.com