New audit-perms patch [ Re: Audit perms check on recv ]

[Chris Wright]

* Serge Hallyn (serue at us.ibm.com) wrote:
> I'm sorry, I thought that by "we are already way off spec" you were
> saying we shouldn't bother trying to follow the spec.

Ah, sorry.  I meant we were way off spec already, but no need to add new
bits that are off spec if they are already specified in the draft.

> I'll come back with a new patch after I go read the draft, because the
> meaning of CAP_AUDIT_CONTROL is not clear to me.

CAP_AUDIT_CONTROL is what you'd think of if it were CAP_AUDIT_ADMIN.  It
means you can control the auditing subsytem (turn it on/off, etc).

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net