Re: [userspace PATCH v2 0/2] Add support for loginuid_set
On Monday, October 10, 2016 5:10:39 PM EDT Paul Moore wrote:
On Mon, Oct 10, 2016 at 1:24 PM, Steve Grubb
<sgrubb(a)redhat.com> wrote:
> On Thursday, August 18, 2016 2:18:55 PM EDT Richard Guy Briggs wrote:
>> loginuid_set support should have been added to userspace when it was
>> added to the kernel around v3.10. Add it before we do similar for
>> sessionID and sessionID_set.
>
> If this were accepted, how would this change writing rules? IOW, can you
> give an example rule so we can see what this looks like?
We have a RFE feature page which documents some rule examples:
*
https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter
OK, thanks. This is helpful. So, what is the difference between these rules?
-a always,exit -F path=/tmp/sessionid_test -F loginuid=-1
-a always,exit -F path=/tmp/sessionid_set_test -F loginuid_set=0
-Steve