[redhat-lspp] cups uds and lspp patches

Stephen Smalley sds at tycho.nsa.gov
Thu Mar 16 16:29:23 UTC 2006


On Thu, 2006-03-16 at 10:52 -0500, Matt Anderson wrote:
> >Is the approach being taken for get_client_auid considered acceptable,
> >or should someone introduce an equivalent to PEERCRED/PEERSEC for the
> >auid?
> 
> This was suggested by Steve Grubb on #audit.  At that time we did
> discuss adding the auid to getpeercon, but were unable to find a
> volunteer.  In your opinion would a patch for that functionality be
> acceptable upstream?

I'm not sure you'd want to try extending getpeercon/SO_PEERSEC directly
(particularly as we have to maintain compatibility for the existing
interface), but you could certainly propose a patch adding a new socket
option to export the auid and provide a getpeerauid() library function
in libaudit to wrap the kernel interface.  Might want to make that
interface more easily extensible than PEERCRED so that people can later
add other info without breaking kernel ABI.

-- 
Stephen Smalley
National Security Agency



