On Tue, Feb 06, 2007 at 02:08:38PM -0500, Stephen Smalley wrote:
> Setting the loginuid of a process is a form of "control" over the audit
> system, as the loginuid is the basis for user accountability in the
> audit framework.    It differs from merely generating a user audit
> message.  There was some discussion of introducing a third audit
> capability, but no support for it.

Ah, thanks Stephen and Casey, for explaining the reasoning. It does have
the unfortunate side effect of causing CAP_AUDIT_CONTROL to be needed
more widely than one might expect.

-- 
Steve Beattie
SUSE Labs, Novell Inc. 
<sbeattie@suse.de>
http://NxNW.org/~steve/