Re: audit capability checks not audited
On Tue, 2005-05-17 at 08:27 -0400, Stephen Smalley wrote:
I know there was an earlier rfc/patch by Chris to allow moving the
netlink message checking to the send side via a new callback, which
would allow us to perform a traditional capable() call rather than a
direct cap_raised() test and thus have the usual auditing behavior for
SELinux there. Is that stalled?
It was decided at the time that there was insufficient reason to make
such a change. I don't remember whether Chris had updated and completed
the patch by then or not; I suspect not.
--
dwmw2