[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] enable /proc/$$/loginuid



No, I guess I've been misreading the code.  Now the only remaining
reason for keeping that patch is to use loginuid when audit_enabled=0.

So I take the patch back  :)

I will re-diff the netlink-loginuid patch without the loginuid-into-
taskstruct.patch and send it back out.

thanks,
-serge

On Tue, 2005-01-18 at 09:55 -0500, Stephen Smalley wrote:
> On Tue, 2005-01-18 at 09:50, Stephen Smalley wrote:
> > We'd like to have it available for programs like newrole, but that is
> > run from a user session and should thus already be auditable.  Given
> > that an audit context is always set up unless the task is explicitly
> > marked non-auditable, and the only task likely to be marked
> > non-auditable is the audit daemon itself, I'm not sure why it matters. 
> > Notice that at the point where an audit context is created for the task,
> > we don't have any criteria for determining whether the task should be
> > audited other than the pid and its parent task information.  That is why
> > an audit context is almost always created, even if it isn't used in the
> > end.
> 
> BTW, I'm not fundamentally opposed to adding the loginuid to the task
> struct, but I would tend to expect more resistance upstream to adding it
> unless it can truly be justified.  And I'm not sure that it is
> justified...
> 
-- 
Serge Hallyn <serue us ibm com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]