On Tue, Feb 06, 2007 at 02:08:38PM -0500, Stephen Smalley wrote: > Setting the loginuid of a process is a form of "control" over the audit > system, as the loginuid is the basis for user accountability in the > audit framework. It differs from merely generating a user audit > message. There was some discussion of introducing a third audit > capability, but no support for it.
Ah, thanks Stephen and Casey, for explaining the reasoning. It does have the unfortunate side effect of causing CAP_AUDIT_CONTROL to be needed more widely than one might expect. -- Steve Beattie SUSE Labs, Novell Inc. <[EMAIL PROTECTED]> http://NxNW.org/~steve/
pgp1tHpzWj5wC.pgp
Description: PGP signature
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
