[PATCH] Inter-field comparisons between uid/euid and gid/egid
Steve Grubb
sgrubb at redhat.com
Sat Dec 24 21:51:15 UTC 2011
On Thursday, December 22, 2011 11:32:11 AM Peter Moody wrote:
> On Wed, Dec 14, 2011 at 12:32 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> > On Tuesday, December 13, 2011 07:17:51 PM Peter Moody wrote:
> > > > Closer. All permutations of uid and gid being able to compare against
> > > > either object or process credentials. Like auid!=ouid or auid!=uid.
> > >
> > > Ok, I think I got them all.
> >
> > Thanks. Eric, any comments?
>
> Is there anything else that I can do to help the case for this patch (and
> did you want the updated version that allowed auditctl -l to work with the
> interfield comparisons?
Not really, I think its just a bad time of the year to get quick results. :)
> the only change to kernel land was to put these in range of the other audit
> fields)
I'll be doing some more testing on this in January. Consider the patch more or
less accepted. We want that functionality.
-Steve
More information about the Linux-audit
mailing list