PATH records show fcaps
Eric Paris
eparis at redhat.com
Mon Oct 20 23:00:19 UTC 2008
On Mon, 2008-10-20 at 18:52 -0400, Steve Grubb wrote:
> On Monday 20 October 2008 12:55:41 Eric Paris wrote:
> > > Steve's suggestion of cap_prm and cap_inh are good for being shorter and
> > > matching proc output. But OTOH it's a bit confusing as at first I
> > > thought these were the task's values. Would it be too terse to just
> > > use fP and fI?
> >
> > yes, too terse. How about cap_fP, cap_fI, cap_fVer, cap_fEffBit ?
> >
> > Based on your other comments I'm going to go add fVer and fEffBit.
>
> We don't have any audit fields with mixed cases in the field name. Let's not
> start it so that searches stay simple.
even your /proc example has mixed case :(
so choices
1) cap_fP, cap_fE, cap_fI
2) cap_fp, cap_fe, cap_fi
3) capprm_file, capeff_file, capinh_file
If steve feels strongly about not going down #1 (which obviously I
liked!) I vote #2.....
-Eric
More information about the Linux-audit
mailing list