On Tue, Sep 5, 2017 at 2:46 AM, Richard Guy Briggs
<rgb(a)redhat.com> wrote:
> Now that the logic is inverted, it is much easier to see that both real
> root and effective root conditions had to be met to avoid printing the
> BPRM_FCAPS record with audit syscalls. This meant that any setuid root
> applications would print a full BPRM_FCAPS record when it wasn't
> necessary, cluttering the event output, since the SYSCALL and PATH
> records indicated the presence of the setuid bit and effective root user
> id.
>
> Require only one of effective root or real root to avoid printing the
> unnecessary record.
>
> Ref: commit 3fc689e96c0c ("Add audit_log_bprm_fcaps/AUDIT_BPRM_FCAPS")
> See: https://github.com/linux-audit/audit-kernel/issues/16
>
> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> Reviewed-by: Serge Hallyn <serge(a)hallyn.com>
> Acked-by: James Morris <james.l.morris(a)oracle.com>
> ---
> security/commoncap.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
Trying to sort this out, I've decided that I dislike the capabilities
code as much as I dislike the audit code.
Read binfmt_elf.c and your journey towards the dark side will be complete!
-Kees
--
Kees Cook
Pixel Security