The RHEL version of the auth_role macro which we are getting through our use of userdom_unpriv_user_template uses logging_send_audit_msgs which give a type the audit_write capability and allow rules for a number of netlink_audit_socket operations. It seem counterintuitive to give an unprivileged user type audit write related policy.The ref-policy version of auth_role does not use logging_send_audit_msgs. We're considering patching our policy but I wanted to see what others though about giving unprivileged user types this policy? Ted
