From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: [PATCH 7/7] audit: audit feature to set loginuid immutable Date: Mon, 08 Jul 2013 16:51:20 -0400 Message-ID: <1373316680.2395.8.camel@dhcp137-13.rdu.redhat.com> References: <1369411910-13777-1-git-send-email-eparis@redhat.com> <1369411910-13777-7-git-send-email-eparis@redhat.com> <2141171.0lgOghWp8c@x2> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <2141171.0lgOghWp8c@x2> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Mon, 2013-07-08 at 16:34 -0400, Steve Grubb wrote: > On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote: > > This adds a new 'audit_feature' bit which allows userspace to set it > > such that the loginuid is absolutely immutable, even if you have > > CAP_AUDIT_CONTROL. > > I'm also not sure I like it done this way. What I was thinking about is that > we should set this at boot so that no matter what happens during boot, the > policy is for setting loginuid cannot be messed with. We really do not want > this to be changeable after the system comes up. I'd much rather see this as > audit=4 on the boot prompt (meaning enabled and immutable). This way its clear > to everyone that it can only be changed by rebooting the system and the policy > is in effect for the duration of the session. Linus has explicitly said the kernel command line options are only acceptable if they are required for kernel functionality before they can be set by userspace. If we don't trust the audit system initialization we already lost and no amount of audit= is going to change that. Since there is absolutely no benefit to setting this on the kernel command line, before we can parse and use the audit.rules, I can not make this yet another archaic command line option. I'm sorry, but this just cannot happen...