[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Supplemental Groups



* Steve Grubb (sgrubb redhat com) wrote:
> type=KERNEL msg=audit(1109089864.512:6279351): item=0 name=/opt/test.txt 
> inode=136 dev=00:00 
> type=KERNEL msg=audit(1109089864.512:6279351): syscall=5 exit=3 a0=bff6aa07 
> a1=8000 a2=0 a3=8000 items=1 pid=26538 loginuid=501 uid=501 gid=501 euid=501 
> suid=501 fsuid=501 egid=501 sgid=501 fsgid=501
> 
> Somewhere in there I expected group #10 to be mentioned since that is what 
> gave me access capability to the file. Does anyone know why its not recorded? 

It's a simple dump of basic credentials.  Not only are supplemental
groups not dumped (nor capabilities), but also there is nothing that's
telling you what mode (or capability) granted you the access (ignoring
SELinux audit records).

> Don't we need that information?

I don't know, I don't think it's explicitly required by CAPP (unless
you interpret subject identity to include suplemental group IDs).
As far as groups go, they can become large (no longer a fixed size array).

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]