[Apparmor-general] problem with profiling sshd under OpenSuSE 10.2
Steve Beattie
sbeattie at suse.de
Tue Feb 6 12:56:57 MST 2007
On Tue, Feb 06, 2007 at 09:56:26AM -0800, Steve Beattie wrote:
> Hmm, it looks like a bug in the kernel audit subsystem to me; I
> successfully duplicated this on a pristine openSUSE 10.2 machine, and
> sure enough, sshd needs the audit_control capability immediately after
> writing to /proc/<pid>/loginuid.
>
> Looking at the mainline kernel tree at
> fs/proc/base.c::proc_loginuid_write(), the first line of real code in
> the function is:
>
> if (!capable(CAP_AUDIT_CONTROL))
> return -EPERM;
>
> This seems to be counter to what the capabilities(7) manpage says.
To followup, this turns out to be intended behavior; see this response
to my query on the audit list:
https://www.redhat.com/archives/linux-audit/2007-February/msg00020.html
--
Steve Beattie
SUSE Labs, Novell Inc.
<sbeattie at suse.de>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-general/attachments/20070206/b101159d/attachment.pgp
More information about the Apparmor-general
mailing list