[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] add uid and comm to OBJ_PID records

On Monday 10 December 2007 15:23:24 Linda Knippers wrote:
> > type=OBJ_PID msg=audit(12/10/2007 15:36:54.328:67) : opid=3018
> > obj=root:system_r:httpd_t:s0-s0:c0.c1023 uid=test comm=loop
> Is uid sufficient or do you need auid, gid, euid, suid, fsuid, egid,...
> as well?

I don't think you need fsuid or any of the group credentials for signals. I 
also don't think euid matters for receiving signals. auid could be useful. 

People were mostly asking what process is this about, pid is generally not 
helpful. And they wanted to make sure it was legal for that process to be 
getting a signal. So, you need to see the uid.

> The subject has exe as well as comm.  Should the obj record 
> also have both?

Not 100% sure, but...I don't think we can get at it from the signal path 
without holding a lock. We are trying to get what we can without any 
complication or performance impact.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]