summaryrefslogtreecommitdiffstats
path: root/Documentation/device-mapper
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2014-04-22 21:31:57 -0400
committerDavid S. Miller <davem@davemloft.net>2014-04-22 21:42:27 -0400
commit451f921639fea4600dfb9ab2889332bdcc7b48d3 (patch)
tree64077829e0b9634a9dfc33558b19df3ef682ed6a /Documentation/device-mapper
parent3a101b8de0d39403b2c7e5c23fd0b005668acf48 (diff)
downloadblackbird-op-linux-451f921639fea4600dfb9ab2889332bdcc7b48d3.tar.gz
blackbird-op-linux-451f921639fea4600dfb9ab2889332bdcc7b48d3.zip
audit: add netlink multicast group for log read
Add a netlink multicast socket with one group to kaudit for "best-effort" delivery to read-only userspace clients such as systemd, in addition to the existing bidirectional unicast auditd userspace client. Currently, auditd is intended to use the CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE capabilities, but actually uses CAP_NET_ADMIN. The CAP_AUDIT_READ capability is added for use by read-only AUDIT_NLGRP_READLOG netlink multicast group clients to the kaudit subsystem. This will safely give access to services such as systemd to consume audit logs while ensuring write access remains restricted for integrity. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/device-mapper')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud