From mboxrd@z Thu Jan  1 00:00:00 1970
From: Klaus Weidner <klaus@atsec.com>
Subject: Re: auditing labeled ipsec
Date: Wed, 11 Oct 2006 17:23:46 -0500
Message-ID: <20061011222345.GD28519@w-m-p.com>
References: <1160599200.17737.54.camel@faith.austin.ibm.com>
	<452D5ADF.4020607@hp.com>
	<1160602996.17737.57.camel@faith.austin.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <redhat-lspp-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <1160602996.17737.57.camel@faith.austin.ibm.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/redhat-lspp>,
	<mailto:redhat-lspp-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/redhat-lspp>
List-Post: <mailto:redhat-lspp@redhat.com>
List-Help: <mailto:redhat-lspp-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/redhat-lspp>,
	<mailto:redhat-lspp-request@redhat.com?subject=subscribe>
Sender: redhat-lspp-bounces@redhat.com
Errors-To: redhat-lspp-bounces@redhat.com
To: Joy Latten <latten@austin.ibm.com>
Cc: redhat-lspp@redhat.com, linux-audit@redhat.com, Paul Moore <paul.moore@hp.com>
List-Id: linux-audit@redhat.com

On Wed, Oct 11, 2006 at 04:43:16PM -0500, Joy Latten wrote:
> On Wed, 2006-10-11 at 16:58 -0400, Paul Moore wrote:
> > While it's been a looong time since I looked at PFKEY I believe you can get away
> > with plucking the loginuid from the current task, yes?  no?
> > 
> 
> I was also wondering if that would be ok? 

If it's accurate when nobody is actively trying to subvert it, that's
good enough for the purposes of LSPP/CAPP evaluation where admins are
presumed to be trustworthy.

-Klaus