On Tue, 2005-01-18 at 09:48, Steve Grubb wrote:
> On Tuesday 18 January 2005 09:30, Stephen Smalley wrote:
> > The loginuid serves no purpose for non-auditable tasks, and it
> > seems wasteful to put it into the task struct.
>
> I thought that people writing SE Linux policy want this information available
> for all tasks.

We'd like to have it available for programs like newrole, but that is
run from a user session and should thus already be auditable. Given
that an audit context is always set up unless the task is explicitly
marked non-auditable, and the only task likely to be marked
non-auditable is the audit daemon itself, I'm not sure why it matters.

Notice that at the point where an audit context is created for the task,
we don't have any criteria for determining whether the task should be
audited other than the pid and its parent task information. That is why
an audit context is almost always created, even if it isn't used in the
end.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency