On 16/05/16, Steve Grubb wrote:
> On Saturday, May 14, 2016 09:40:05 AM Bhagwat, Shriniketan Manjunath wrote:
> > > Not today. The check for uid 0 is a poor man's check for CAP_AUDIT_CONTROL
> >
> > Are there any future plans to support enabling audit from non root user
> > using CAP_AUDIT_CONTROL?
>
> You are the only person who has asked for it. I suppose it can be done in a
> couple lines of code. But you still have the permissions of the directories
> that hold the rules to correct. Easy to fix, but I think you might be fighting
> the distribution's package manager which would set things back to root every
> update.

There is no kernel obstacle that I can see now. It used to depend on
CAP_NET_ADMIN, I think, but that stuff has all been fixed. I can see
applications for it, possibly even in containers down the road...

> -Steve

- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635
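
An added example, not part of this thread or of the audit code base: it shows how the uid 0 test discussed above and a CAP_AUDIT_CONTROL test can disagree, by reading the `Uid:` and `CapEff:` lines of `/proc/<pid>/status`. The function names and both status excerpts are constructed for illustration; bit 30 is CAP_AUDIT_CONTROL in `<linux/capability.h>`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_AUDIT_CONTROL_BIT 30 /* CAP_AUDIT_CONTROL in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts (sample data, not captured output). */
static const char ROOT_CAPS_DROPPED[] =   /* uid 0, bit 30 cleared */
    "Name:\tauditctl\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n";
static const char USER_WITH_CAP[] =       /* uid 1000, only bit 30 set */
    "Name:\tauditctl\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000040000000\n";

/* Effective uid: second number on the "Uid:" line; -1 if the line is missing. */
static long effective_uid(const char *status)
{
    unsigned int real, eff;
    const char *p = strstr(status, "\nUid:");
    if (!p || sscanf(p + 5, "%u %u", &real, &eff) != 2)
        return -1;
    return (long)eff;
}

/* Effective capability mask from the hex "CapEff:" line; 0 if missing. */
static unsigned long long effective_caps(const char *status)
{
    const char *p = strstr(status, "\nCapEff:");
    return p ? strtoull(p + 8, NULL, 16) : 0ULL;
}

/* The "poor man's" test: is the effective uid 0? */
static int uid_check(const char *status)
{
    return effective_uid(status) == 0;
}

/* The capability test: is CAP_AUDIT_CONTROL in the effective set? */
static int cap_check(const char *status)
{
    return (int)((effective_caps(status) >> CAP_AUDIT_CONTROL_BIT) & 1ULL);
}

int main(void)
{
    printf("root, caps dropped: uid_check=%d cap_check=%d\n",
           uid_check(ROOT_CAPS_DROPPED), cap_check(ROOT_CAPS_DROPPED));
    printf("uid 1000 with cap:  uid_check=%d cap_check=%d\n",
           uid_check(USER_WITH_CAP), cap_check(USER_WITH_CAP));
    return 0;
}
```

The two checks give opposite answers on both samples: a root process whose capabilities were dropped passes the uid test without holding the capability, and a non-root process granted CAP_AUDIT_CONTROL fails it.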