The idea of exporting netlink_get_msgtype was that LSMs which want
to implement finer-grained controls than the capabilities could
do so using netlink_get_msgtype at security_netlink_send().
-serge
Quoting Darrel Goeddel (dgoeddel(a)trustedcs.com):
Serge Hallyn wrote:
>Attached is a new patch to introduce CAP_AUDIT_CONTROL and
>CAP_AUDIT_WRITE. Thank you all for the clarifications on appropriate
>caps.
>
Sorry for the delay on this response. At least this comment is not of
great importance :)
It seems that netlink_get_msgtype is not really needed here. The type is
already available in audit_receive_msg and can be passed to
audit_netlink_ok; and the length checks performed by netlink_get_msgtype
will never catch a failure because the same checks are already done by
audit_receive_skb. Removing this function would remove the need to modify
the netlink.h and af_netlink.c files.
--
Darrel
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit