Hi, I am working on migrating src:shadow to today's SELinux api and enabling audit logging for denials. The question which uid to log with 'audit_log_user_avc_message' came up. What is preferred for the applications like passwd, chfn, ... , which might be setuid binaries (getuid, geteuid, 0)?
Kind regards,
Christian Göttsche
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
