On Monday 19 March 2007 15:58, geckiv wrote:
> I never heard of dbus before. Is there an example how it keeps its
> CAP_AUDIT_WRITE and changes uids?

Not without looking at its source code. Here's its patch:

http://developer.momonga-linux.org/viewvc/trunk/pkgs/dbus/dbus-0.61-selinux-avc-audit.patch?r1=13947&r2=13946&pathrev=13947&view=patch

nscd also does the same trick, but it's coded in glibc style.

> Is this just using setuid() somehow?

No, there's an intricate dance regarding setuid, prctl, & capabilities that must be followed exactly or bad things can happen.

-Steve

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
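
The setuid/prctl/capabilities sequence mentioned in the reply above, as an added example that is not part of the original message and is not the dbus or nscd code. The helper names `single_cap` and `drop_root_keep_cap` are hypothetical, and the raw `capset` syscall is used here in place of libcap so the block has no library dependency.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Build a v3 capability set holding exactly one capability:
 * permitted and effective, nothing inheritable. */
void single_cap(int cap, struct __user_cap_data_struct data[2])
{
    memset(data, 0, 2 * sizeof(data[0]));
    data[cap / 32].permitted = data[cap / 32].effective = 1u << (cap % 32);
}

/* Hypothetical helper: switch from root to uid/gid, keeping only `cap`.
 * Returns 0 on success, -1 on failure; on failure the caller should exit
 * rather than continue in a half-dropped state. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    if (geteuid() != 0 || uid == 0)
        return -1;
    /* 1. Without this flag, setuid() away from 0 clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    /* 2. Groups first, uid last: after setuid() groups can no longer change. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 3. Permitted survived in full and effective was cleared:
     *    shrink both to the single capability we want. */
    single_cap(cap, data);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    /* 4. Clear the flag so later uid changes behave normally. */
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0)
        return -1;
    /* 5. Confirm root is really gone: regaining uid 0 must fail. */
    return setuid(0) == -1 ? 0 : -1;
}
```

A daemon would call `drop_root_keep_cap(uid, gid, CAP_AUDIT_WRITE)` once at startup, after opening anything that needs root and before handling untrusted input.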