The attached patch moves the loginuid into the task_struct. Is there any reason not to do this? Keeping it in the audit_context is incompatible with the idea of only creating audit_contexts during an auditable action. The next patch I send out will again introduce /proc/$$/loginuid, and initialize the loginuid to -1 at boot. thanks, -serge -- Serge Hallyn <serue(a)us.ibm.com&gt;