[PATCH] enable /proc/$$/loginuid
Serge E. Hallyn
serue at us.ibm.com
Fri Jan 14 21:08:52 UTC 2005
I was thinking of that as similar to AUDIT_LIST and AUDIT_GET. Clearly
they are different. I'll get rid of the capable call.
thanks,
-serge
Quoting Stephen Smalley (sds at epoch.ncsc.mil):
> On Fri, 2005-01-14 at 14:06, Serge Hallyn wrote:
> > Changelog:
> > 1/14/2005: Added several checks for error values which were missing.
> > 1/07/2005: First version.
> >
> > Is this ready for lkml?
>
> Why require CAP_AUDIT_CONTROL to read the loginuid? Programs like
> newrole would like to have a more reliable user identity available than
> the normal uid; we were having them extract the SELinux user identity
> from the security context, but in Fedora, that is typically just user_u
> due to the lack of integration of user management with policy.
>
> --
> Stephen Smalley <sds at epoch.ncsc.mil>
> National Security Agency
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
>
More information about the Linux-audit
mailing list