Hey all, I'm doing some tests and currently inotify_rm_watch is not performing any permission checks, i.e., an ordinary user can remove a watch set by root on a file with root:root 400 permission.
Is this the expected behavior? Seems like neither MAC nor MLS checks are being done. Regards, -- Eduardo M. Fleury IBM Linux Technology Center Brazil Mobile: +55-19-81224410 email/sametime: [EMAIL PROTECTED] -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
