PATCH [1/1]: audit: acquire creds selectively to reduce atomic op overhead
David Howells
dhowells at redhat.com
Fri Mar 11 16:33:52 UTC 2011
Tony Jones <tonyj at suse.de> wrote:
> I'm not seeing the 'tsk->real_cred' usage, can you clarify?
get_task_cred() and task_cred_xxxx() call __task_cred() which uses
tsk->real_cred. These are the real credentials of the process, and the ones
that are used when the process is being acted upon and the ones that are
visible through /proc.
However, if a task is acting upon something, task->cred is used instead. These
are not visible from the outside and may be overridden. current_cred_xxx()
uses these.
It's possible that the credentials being used in audit_filter_rules() are
incorrect under most circumstances and should be task->cred, not
task->real_cred.
David
More information about the Linux-audit
mailing list