Re: RHEL auth_role using logging_send_audit_msgs

On 2/26/19 5:20 PM, Ted Toth wrote:
The RHEL version of the auth_role macro which we are getting through
our use of userdom_unpriv_user_template uses logging_send_audit_msgs
which gives a type the audit_write capability and allow rules for a
number of netlink_audit_socket operations. It seems counterintuitive to
give an unprivileged user type audit write related policy. The
ref-policy version of auth_role does not use logging_send_audit_msgs.
We're considering patching our policy but I wanted to see what others
thought about giving unprivileged user types this policy?

I agree that it doesn't seem like a good idea. Should probably file a Bugzilla for Red Hat.
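An added example, not part of the thread or of any policy project: a small check that scans allow rules in policy-language text form (such as the output of a policy search with setools' sesearch) and reports which user types hold the audit_write capability or any netlink_audit_socket permission on themselves. The rules in `SAMPLE_RULES` are constructed, and `myuser_t` is a hypothetical type standing in for one created through userdom_unpriv_user_template.

```python
import re

# One allow rule: allow SRC TGT:CLASS PERM;  or  allow SRC TGT:CLASS { PERM ... };
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+([^\s:]+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|([^\s;{}]+))\s*;"
)


def audit_send_grants(rules_text, user_types):
    """Return {type: {class: perms}} for self-rules that give a listed type
    the audit_write capability or netlink_audit_socket permissions."""
    found = {}
    for line in rules_text.splitlines():
        m = ALLOW_RE.match(line)
        if not m:
            continue
        src, tgt, cls, braced, single = m.groups()
        # Only rules where the type acts on itself ("self" or its own name).
        if src not in user_types or tgt not in (src, "self"):
            continue
        perms = set((braced or single).split())
        if cls == "capability":
            perms &= {"audit_write"}      # ignore unrelated capabilities
        elif cls != "netlink_audit_socket":
            continue
        if perms:
            found.setdefault(src, {}).setdefault(cls, set()).update(perms)
    return found


# Constructed sample rules (not taken from any shipped policy).
SAMPLE_RULES = """\
allow myuser_t self:capability audit_write;
allow myuser_t self:netlink_audit_socket { create read write nlmsg_relay };
allow user_t user_t:capability { audit_write };
allow user_t user_t:netlink_audit_socket { create nlmsg_relay read write };
allow user_t user_home_t:file { read write };
allow auditd_t self:capability { audit_control audit_write };
allow guest_t self:capability setgid;
"""

if __name__ == "__main__":
    unpriv = {"user_t", "myuser_t", "guest_t"}
    for t, grants in sorted(audit_send_grants(SAMPLE_RULES, unpriv).items()):
        for cls, perms in sorted(grants.items()):
            print(f"{t}: {cls} {{ {' '.join(sorted(perms))} }}")
```

An empty result for the unprivileged types after patching the policy confirms the audit-related rules are gone from them.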




