Re: New audit-perms patch [ Re: Audit perms check on recv ]
I'm sorry, I thought that by "we are already way off spec" you were
saying we shouldn't bother trying to follow the spec.
I'll come back with a new patch after I go read the draft, because the
meaning of CAP_AUDIT_CONTROL is not clear to me.
-serge
On Tue, 2005-01-04 at 14:01 -0800, Chris Wright wrote:
* Darrel Goeddel (dgoeddel(a)trustedcs.com) wrote:
> Serge E. Hallyn wrote:
<snip>
> > To review, it
> >
> > 1. adds two new capabilities, CAP_AUDIT_READ and CAP_AUDIT_WRITE
<snip>
> It would seem that separate CAP_AUDIT_ADMIN/CAP_AUDIT_WRITE capabilities are
> much more important than having a separate CAP_ADMIN_READ capability. The
I already suggested CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE for a good
reason. These are documented by the Posix draft defining capabilities.
I see no good reason to stray from that.
thanks,
-chris
--
Serge Hallyn <serue(a)us.ibm.com>