In F17 I'd like to see CONFIG_AUDIT_LOGINUID_IMMUTABLE turned on. In the old days when an admin restarted a service they actually did the restart themselves. Thus the new daemon would be attributed to the loginuid of the admin. If this daemon was ssh, when a new user logged in we needed a method to 'switch' the loginuid so the audit trail was associated with this new user, not the admin who started sshd. With the advent of systemd admins do not directly launch daemons and instead init launches it on their behalf. With this option set sshd will not need to 'switch' its loginuid, instead it will 'set' it for the first time. Even after a restart. This couldn't work under sysvinit or upstart, but since Fedora has removed almost all init scripts, noone can be using sysvinit or upstart any more! With this enabled we will break people directly launching login utilities instead of going through init. However it will allow us to remove some permissions from applications (CAP_AUDIT_CONTROL) since setting the loginuid will no longer be a privileged operation and will greatly increase the reliability of audit logs to be able to attest to what user performed what operation. -Eric _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
