Quoting Eric Paris (eparis(a)redhat.com):
ok, I thought you were complaining the pI didn't have
cap_net_admin.
The bug you spotted (I just can't read) was actually me just copy and
pasting the wrong thing into this discussion.
Cool, just making sure.
I think we all 'sorta' agree on what we want, I'll send 3
final patches
in an hour or two when I'm happy they work properly...
1) log fP, fE, fI, fver in PATH records
2) new record to execve when fcaps increase pE or pP
3) new record to capset which records the arguments pid, pP, pI, pE.
Great, thanks.
-serge