From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: PATH records show fcaps
Date: Mon, 20 Oct 2008 15:01:24 -0500
Message-ID: <20081020200124.GA5547@us.ibm.com>
References: <1224343392.3189.74.camel@paris-laptop>
	<20081020163358.GB21901@us.ibm.com>
	<1224525300.3189.158.camel@paris-laptop>
	<20081020181337.GA776@us.ibm.com>
	<1224527718.3189.167.camel@paris-laptop>
	<20081020191353.GA29574@us.ibm.com>
	<1224532186.3189.189.camel@paris-laptop>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <1224532186.3189.189.camel@paris-laptop>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Quoting Eric Paris (eparis@redhat.com):
> ok, I thought you were complaining the pI didn't have cap_net_admin.
> The bug you spotted (I just can't read) was actually me just copy and
> pasting the wrong thing into this discussion.

Cool, just making sure.

> I think we all 'sorta' agree on what we want, I'll send 3 final patches
> in an hour or two when I'm happy they work properly...
> 
> 1) log fP, fE, fI, fver in PATH records
> 2) new record to execve when fcaps increase pE or pP
> 3) new record to capset which records the arguments pid, pP, pI, pE.

Great, thanks.

-serge