Supplemental Groups
Chris Wright
chrisw at osdl.org
Tue Feb 22 18:01:16 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> On Tuesday 22 February 2005 12:50, Chris Wright wrote:
> > I don't know, I don't think it's explicitly required by CAPP (unless
> > you interpret subject identity to include suplemental group IDs).
>
> Yes, this is what I was meaning.
>
> > As far as groups go, they can become large (no longer a fixed size array).
>
> I'm only wondering about the one group that was used to grant access, not the
> whole collection that any user belongs to.
Yeah, that's the bit that's not tracked at all.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the Linux-audit
mailing list