[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: enable CONFIG_AUDIT_LOGINUID_IMMUTABLE on F17



On Thursday, February 09, 2012 02:32:00 PM Eric Paris wrote:
> With this enabled we will break people directly launching login
> utilities instead of going through init.  However it will allow us to
> remove some permissions from applications (CAP_AUDIT_CONTROL) since
> setting the loginuid will no longer be a privileged operation and will
> greatly increase the reliability of audit logs to be able to attest to
> what user performed what operation.

Making the login uid immutable would be nice, but I don't get the part about 
removing privileges. Setting the login uid is a privileged operation. It always 
has to be that way.

-Steve
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel



[Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Maintainers]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Deep Creek Hot Springs]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

Powered by Linux