[redhat-lspp] auditing labeled ipsec
Klaus Weidner
klaus at atsec.com
Wed Oct 11 22:23:46 UTC 2006
On Wed, Oct 11, 2006 at 04:43:16PM -0500, Joy Latten wrote:
> On Wed, 2006-10-11 at 16:58 -0400, Paul Moore wrote:
> > While it's been a looong time since I looked at PFKEY I believe you can get away
> > with plucking the loginuid from the current task, yes? no?
> >
>
> I was also wondering if that would be ok?
If it's accurate when nobody is actively trying to subvert it, that's
good enough for the purposes of LSPP/CAPP evaluation where admins are
presumed to be trustworthy.
-Klaus
More information about the Linux-audit
mailing list