heh, after a few more sips of coffee and actually reading the manpage, my 1.d.1 is obviously incorrect because CAP_ADMIN_READ is not a capability. So in effect it's masking out the audit socket :)
heh, after a few more sips of coffee and actually reading the manpage, my 1.d.1 is obviously incorrect because CAP_ADMIN_READ is not a capability. So in effect it's masking out the audit socket :)