Hey Steve / Amy,

In doing some tests, I've noticed that the USER_ROLE_CHANGE audit record is associated with both newrole and semanage user -[ad]. I do not think that USER_ROLE_CHANGE is a good name to have associated with SELinux user creation/removal, not to mention that the payload of the record resulting from newrole looks nothing like the payload of the record generated by semanage user -[ad].

Can we add a USER_ROLE_MODIFY, or some other label, that would indicate and differentiate SELinux user creation/removal from a simple newrole?

Thanks,
Mike

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
