On Monday, December 12, 2011 11:35:25 AM Peter Moody wrote:
> On Mon, Dec 12, 2011 at 6:27 AM, Steve Grubb <[email protected]> wrote:
> > On Sunday, December 11, 2011 02:04:24 PM Peter Moody wrote:
> > > Not sure if this is the right way to go about this, but I've got a
> > > couple of patches I'd like to be considered for inclusion.
> >
> > I think we really want all permutations covered so we don't revisit this
> > every month or two.
>
> Ok. Do you want me to include subj_user/obj_user, subj_role/obj_role,
> subj_type/obj_type as well

No, the MAC subsystems should be able to log that themselves.

> or just the uid/fsuid, gid/fsgid, uid/suid, gid/sgid?

Closer. All permutations of uid and gid being able to compare against either
object or process credentials. Like auid!=ouid or auid!=uid.

Thanks,
-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
