Re: New audit-perms patch [ Re: Audit perms check on recv ]
* Darrel Goeddel (dgoeddel(a)trustedcs.com) wrote:
Serge E. Hallyn wrote:
<snip>
> To review, it
>
> 1. adds two new capabilities, CAP_AUDIT_READ and CAP_AUDIT_WRITE
<snip>
It would seem that separate CAP_AUDIT_ADMIN/CAP_AUDIT_WRITE
capabilities are
much more important than having a separate CAP_ADMIN_READ capability. The
I already suggested CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE for a good
reason. These are documented by the Posix draft defining capabilities.
I see no good reason to stray from that.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net