--- Steve Beattie <[EMAIL PROTECTED]> wrote:
> Ah, thanks Stephen and Casey, for explaining the reasoning. It does have
> the unfortunate side effect of causing CAP_AUDIT_CONTROL to be needed
> more widely than one might expect.

The appropriate granularity of capabilities has always been and will always be a contentious issue, with the fashion shifting whimsically. Writing audit records is pretty clearly a different beast than setting audit attributes, but since there is significant overlap between the programs that set audit state and those that write audit records, you could make a case for either making a separate capability for setting the loginid or for having a single CAP_AUDIT. Heck, at one time or another I've argued each way.

I expect that the current granularity is sufficiently obvious and useful to leave alone, at least for the time being.

Casey Schaufler
[EMAIL PROTECTED]

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
