Re: [redhat-lspp] auditing labeled ipsec
On Wed, Oct 11, 2006 at 04:43:16PM -0500, Joy Latten wrote:
On Wed, 2006-10-11 at 16:58 -0400, Paul Moore wrote:
> While it's been a looong time since I looked at PFKEY I believe you can get
away
> with plucking the loginuid from the current task, yes? no?
>
I was also wondering if that would be ok?
If it's accurate when nobody is actively trying to subvert it, that's
good enough for the purposes of LSPP/CAPP evaluation where admins are
presumed to be trustworthy.
-Klaus