[PATCH] enable /proc/$$/loginuid
Serge Hallyn
serue at us.ibm.com
Tue Jan 18 16:27:38 UTC 2005
No, I guess I've been misreading the code. Now the only remaining
reason for keeping that patch is to use loginuid when audit_enabled=0.
So I take the patch back :)
I will re-diff the netlink-loginuid patch without the loginuid-into-
taskstruct.patch and send it back out.
thanks,
-serge
On Tue, 2005-01-18 at 09:55 -0500, Stephen Smalley wrote:
> On Tue, 2005-01-18 at 09:50, Stephen Smalley wrote:
> > We'd like to have it available for programs like newrole, but that is
> > run from a user session and should thus already be auditable. Given
> > that an audit context is always set up unless the task is explicitly
> > marked non-auditable, and the only task likely to be marked
> > non-auditable is the audit daemon itself, I'm not sure why it matters.
> > Notice that at the point where an audit context is created for the task,
> > we don't have any criteria for determining whether the task should be
> > audited other than the pid and its parent task information. That is why
> > an audit context is almost always created, even if it isn't used in the
> > end.
>
> BTW, I'm not fundamentally opposed to adding the loginuid to the task
> struct, but I would tend to expect more resistance upstream to adding it
> unless it can truly be justified. And I'm not sure that it is
> justified...
>
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list