Audit reporting Invalid argument
Richard Guy Briggs
rgb at redhat.com
Mon May 16 17:21:02 UTC 2016
On 16/05/16, Steve Grubb wrote:
> On Saturday, May 14, 2016 09:40:05 AM Bhagwat, Shriniketan Manjunath wrote:
> > > Not today. The check for uid 0 is a poor man's check for CAP_AUDIT_CONTROL
> >
> > Are there any future plans to support enabling audit from non root user
> > using CAP_AUDIT_CONTROL?
>
> You are the only person who has asked for it. I suppose it can be done in a
> couple lines of code. But you still have the permissions of the directories
> that hold the rules to correct. Easy to fix, but I think you might be fighting
> the distribution's package manager which would set things back to root every
> update.
There is no kernel obstacle that I can see now. It used to depend on
CAP_NET_ADMIN, I think, but that stuff has all been fixed. I can see
applications for it, possibly even in containers down the road...
> -Steve
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list