On Thursday, February 09, 2012 02:32:00 PM Eric Paris wrote: > With this enabled we will break people directly launching login > utilities instead of going through init. However it will allow us to > remove some permissions from applications (CAP_AUDIT_CONTROL) since > setting the loginuid will no longer be a privileged operation and will > greatly increase the reliability of audit logs to be able to attest to > what user performed what operation. Making the login uid immutable would be nice, but I don't get the part about removing privileges. Setting the login uid is a privileged operation. It always has to be that way. -Steve _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
