enable CONFIG_AUDIT_LOGINUID_IMMUTABLE on F17
Eric Paris
eparis at redhat.com
Thu Feb 9 20:55:11 UTC 2012
On Thu, 2012-02-09 at 14:32 -0500, Eric Paris wrote:
> With this enabled we will break people directly launching login
> utilities instead of going through init. However it will allow us to
> remove some permissions from applications (CAP_AUDIT_CONTROL) since
> setting the loginuid will no longer be a privileged operation and will
> greatly increase the reliability of audit logs to be able to attest to
> what user performed what operation.
Launching by hand can be made to work by changing your pam config to
switch pam_loginuid.so to be 'optional' instead of 'required.' It also
means that the admin who started the service will be attributed to
everything someone who logs in did.
but those are the knocks if you do weird stuff like launch your own sshd
inside a chroot....
More information about the kernel
mailing list