[PATCH] IPC_SET_PERM cleanup
Klaus Weidner
klaus at atsec.com
Tue May 9 14:51:39 UTC 2006
On Fri, May 05, 2006 at 04:59:49PM -0400, Linda Knippers wrote:
> Steve Grubb wrote:
> > This patch deletes the context string out of this record. Are we losing
> > anything important?
>
> I don't think so. I don't think the IPC_SET operations change the sid
> (at least I don't see it in the code) so its redundant with the obj information
> that's in the IPC record. If I'm missing it, I hope someone will point
> it out to me.
I agree that it's redundant. This is the sub-record that describes the
requested changes to object properties, and any information that can't be
changed through IPC_SET doesn't need to be in it. The information about
the current state of the object and subject is in separate sub-records.
-Klaus
More information about the Linux-audit
mailing list