On Wed, 2012-01-04 at 15:47 -0500, Eric Paris wrote:
> This allows audit to specify rules in which we compare two fields of a
> process.  Such as is the running process uid != to the running process
> euid?
>
> Signed-off-by: Peter Moody <pmoody@google.com>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---

I broke this into a separate patch and didn't try to use the 'helper'
function.  Using the helper would be wrong since the comparison was not
supposed to involve fs objects.  Thus things which were passing it a
task_struct and offset as the second pointer were walking the
audit_names list dereferencing some random distance (distance of
loginuid inside a task_struct) from the found name and using that memory
location as a uid.  Opps.