Re: RHEL auth_role using logging_send_audit_msgs

On Tue, Feb 26, 2019 at 04:20:42PM -0600, Ted Toth wrote:
> The RHEL version of the auth_role macro which we are getting through
> our use of userdom_unpriv_user_template uses logging_send_audit_msgs
> which gives a type the audit_write capability and allow rules for a
> number of netlink_audit_socket operations. It seems counterintuitive to
> give an unprivileged user type audit write related policy. The
> ref-policy version of auth_role does not use logging_send_audit_msgs.
> We're considering patching our policy but I wanted to see what others
> thought about giving unprivileged user types this policy?
> 
> Ted

I think this should indeed probably be dontaudited (I have a few of those in my policy as well, so do as I say, not as I do).

Might have been added because of some unprivileged user space object manager trying to log to audit. These would not have been allowed anyway.

XSELinux, old dbus come to mind.

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
