Quoting Eric Paris ([EMAIL PROTECTED]): > ok, I thought you were complaining the pI didn't have cap_net_admin. > The bug you spotted (I just can't read) was actually me just copy and > pasting the wrong thing into this discussion.
Cool, just making sure. > I think we all 'sorta' agree on what we want, I'll send 3 final patches > in an hour or two when I'm happy they work properly... > > 1) log fP, fE, fI, fver in PATH records > 2) new record to execve when fcaps increase pE or pP > 3) new record to capset which records the arguments pid, pP, pI, pE. Great, thanks. -serge -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
