[RFC] audit.spec: create audit group for log read access

[Steve Grubb]

On Wednesday, January 20, 2021 4:39:11 PM EST Enzo Matsumiya wrote:
> >I consider the audit.spec file to be an example to help others with
> >packaging. But I'm not entirely sure if it's 100% in sync with Fedora
> >since they make arbitrary policy changes like removing gcc and make from
> >the build root which then causes specfile updates. If you want to submit
> >a patch, feel free. I would apply it as an example to others.
> 
> Thanks. We also have some modifications to the specfile.
> 
> So what I'm getting from your reply is it's up to the OS vendor to provide,
> or not, such modification -- i.e. it's more of a general OS problem than
> audit's problem. Is that correct?

I consider it to be an end user choice. Because if you set the log_group, you 
may need to do a chgrp command to get your logs in order. And I don't know 
who should get access. Would it be wheel or a special audit-view group? To 
me, it just seems like any choice I make may not work for everyone.

But you're welcome to send a patch if you want.

-Steve