On Wed, May 7, 2014 at 4:11 PM, Daniel Micay <danielmicay@gmail.com> wrote:
RBAC also allows quite a bit of auditing with the grsecurity audit infrastructure. You can audit attempts to make use of a certain path, capability, IP protocol, etc. Of course, this assumes you have a basic working RBAC policy for tacking on allowed + audited policies or disallowed + audited policies. So CONFIG_AUDIT=Y is a lot less useful.
I'm sad that AUDIT was disabled. It provided /proc/self/loginuid, which I used in my shell scripts. loginuid is also used by glibc's getlogin(3), which now no longer works unless the user is logged in on their terminal. In managed X sessions that's often not the case, resulting in bugs like https://bugs.archlinux.org/task/40975 .