On 16/05/16, Steve Grubb wrote: > On Saturday, May 14, 2016 09:40:05 AM Bhagwat, Shriniketan Manjunath wrote: > > > Not today. The check for uid 0 is a poor man's check for CAP_AUDIT_CONTROL > > > > Are there any future plans to support enabling audit from non root user > > using CAP_AUDIT_CONTROL? > > You are the only person who has asked for it. I suppose it can be done in a > couple lines of code. But you still have the permissions of the directories > that hold the rules to correct. Easy to fix, but I think you might be > fighting > the distribution's package manager which would set things back to root every > update.
There is no kernel obstacle that I can see now. It used to depend on CAP_NET_ADMIN, I think, but that stuff has all been fixed. I can see applications for it, possibly even in containers down the road... > -Steve - RGB -- Richard Guy Briggs <[email protected]> Kernel Security Engineering, Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
