* Steve Grubb (sgrubb(a)redhat.com) wrote:
> type=KERNEL msg=audit(1109089864.512:6279351): item=0
> name=/opt/test.txt
> inode=136 dev=00:00
> type=KERNEL msg=audit(1109089864.512:6279351): syscall=5 exit=3 a0=bff6aa07
> a1=8000 a2=0 a3=8000 items=1 pid=26538 loginuid=501 uid=501 gid=501 euid=501
> suid=501 fsuid=501 egid=501 sgid=501 fsgid=501
>
> Somewhere in there I expected group #10 to be mentioned since that is what
> gave me access capability to the file. Does anyone know why it's not recorded?

It's a simple dump of basic credentials. Not only are supplemental
groups not dumped (nor capabilities), but also there is nothing that's
telling you what mode (or capability) granted you the access (ignoring
SELinux audit records).

> Don't we need that information?

I don't know, I don't think it's explicitly required by CAPP (unless
you interpret subject identity to include supplemental group IDs).
As far as groups go, they can become large (no longer a fixed size array).
thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net
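
Added example, not part of the original message or of any audit tooling: a small parser that merges the two quoted records by their shared timestamp:serial and checks whether any recorded group ID matches the file's group (10, as stated in the question). The mail line wraps are joined, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# The two records quoted in the message above, with the mail line wraps joined.
RECORDS = [
    "type=KERNEL msg=audit(1109089864.512:6279351): item=0 "
    "name=/opt/test.txt inode=136 dev=00:00",
    "type=KERNEL msg=audit(1109089864.512:6279351): syscall=5 exit=3 a0=bff6aa07 "
    "a1=8000 a2=0 a3=8000 items=1 pid=26538 loginuid=501 uid=501 gid=501 euid=501 "
    "suid=501 fsuid=501 egid=501 sgid=501 fsgid=501",
]

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
GROUP_FIELDS = ("gid", "egid", "sgid", "fsgid")


def parse_events(lines):
    """Merge records that share one timestamp:serial into a single event dict."""
    events = defaultdict(dict)
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record in this format
        _rtype, stamp, serial, body = m.groups()
        fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
        events[(stamp, int(serial))].update(fields)
    return dict(events)


def recorded_groups(event):
    """Group IDs the record carries for the subject (no supplemental groups)."""
    return {int(event[f]) for f in GROUP_FIELDS if f in event}


def group_grant_visible(event, file_gid):
    """True only if one of the recorded group IDs matches the file's group."""
    return file_gid in recorded_groups(event)


if __name__ == "__main__":
    for key, ev in parse_events(RECORDS).items():
        print(key, ev["name"], "recorded groups:", sorted(recorded_groups(ev)),
              "group 10 visible:", group_grant_visible(ev, 10))
```
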