On Thu, 14 Jul 2005, Enrico Scholz wrote:
> enrico.scholz@sigma-chemnitz.de (Enrico Scholz) writes:
>
>> | # auditctl -m 'foo'
>> | Error sending user message request (Operation not permitted)
>> ...
>> This gives problems on Fedora Core 4 as recent pam upgrade is
>> using this functionality and most actions (su, cron) will fail
>> therefore.
>
> Quick workaround is to add '^29' to the 'bcapabilities' of the
> corresponding vserver. Next util-vserver version will probably
> implicate this with the '--secure' option (after I decided how to
> deal with the CAP_QUOTACTL vs. CAP_AUDIT_WRITE conflict).
This didn't work for me (just to make "su -" work), it seems that I needed
^30 (CAP_AUDIT_CONTROL).
Does anyone here know what the security implication of this is? We don't
run auditd.
Grisha
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Nov 14 05:01:07 2005