Granting CAP_AUDIT_WRITE to X/dbus/...

Mon Sep 15 11:20:03 UTC 2014

Hello,

I was wondering now that the xserver can run as non-root shouldn't the
CAP_WRITE_AUDIT file capability be set on the Xorg executable? Same
question for AVC denials logging with dbus session bus[0]?

And in general, does anybody has an opinion about giving this
capability to $random executable?

Cheers,

Laurent Bigonville

[0] See: https://bugs.freedesktop.org/show_bug.cgi?id=83856