On 09/15/2014 09:57 AM, Steve Grubb wrote: > On Monday, September 15, 2014 01:20:03 PM Laurent Bigonville wrote: >> Hello, >> >> I was wondering now that the xserver can run as non-root shouldn't the >> CAP_WRITE_AUDIT file capability be set on the Xorg executable? > I can't imagine what the Xserver would need to do with auditing. If its > linked > against libaudit, then I guess it needs it. That said, no one has asked me to > review what the Xserver is doing wrt auditing. So, I have no idea if its > actually correctly done. XAce? > >> Same question for AVC denials logging with dbus session bus[0]? > That one I know needs to write events. > > >> And in general, does anybody has an opinion about giving this >> capability to $random executable? > Yep, it should be done very cautiously. Some upstreams think audit is a > syslog > and just absolutely mess it up. Even upstreams that I helped get audit events > working eventually decide to make changes (for who knows what reason) and > then > I find out a year later that they messed things up. > > So, if auditing is being added to $random program, be suspicious and ask on > the list if this is known and correct. I am wanting to fix this by creating > some test suites that can help identify when programs change and start doing > the wrong thing. > > -Steve > > >> Cheers, >> >> Laurent Bigonville >> >> [0] See: https://bugs.freedesktop.org/show_bug.cgi?id=83856 >> >> -- >> Linux-audit mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/linux-audit > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
