On Monday 10 December 2007 15:23:24 Linda Knippers wrote:
> type=OBJ_PID msg=audit(12/10/2007 15:36:54.328:67) : opid=3018
> obj=root:system_r:httpd_t:s0-s0:c0.c1023 uid=test comm=loop
> Is uid sufficient or do you need auid, gid, euid, suid, fsuid, egid,...
> as well?

I don't think you need fsuid or any of the group credentials for signals. I
also don't think euid matters for receiving signals. auid could be useful.
People were mostly asking what process is this about, pid is generally not
helpful. And they wanted to make sure it was legal for that process to be
getting a signal. So, you need to see the uid.

> The subject has exe as well as comm. Should the obj record
> also have both?

Not 100% sure, but...I don't think we can get at it from the signal path
without holding a lock. We are trying to get what we can without any
complication or performance impact.
-Steve