[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Setting loginuid
- To: selinux@xxxxxxxxxxxxx
- Subject: Setting loginuid
- From: Steve G <linux_4ever@xxxxxxxxx>
- Date: Tue, 15 Feb 2005 07:53:12 -0800 (PST)
- Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=ukrQc/txwy3YR4oAMidXLBrkZX1v6kjEnJAe476EzysDhzVIaNMX7C7iwdugStpOzZvXwozLsEeo/+knmGCr/mx7UeInnB/kyjoNWOUr5OsClUHwJidL4fdf7SRrMxrArj4lE/sfTxe4Xm5pT7Yax6eoT2oDZYUJ/B3huRx/j2A= ;
- Sender: owner-selinux@xxxxxxxxxxxxx
Hi,
The 2.6.11 kernel will have the /proc/pid/loginuid attribute that can be accessed
to see what the original login uid was for a user's process. I remember several
people on this list interested in this being implemented. There's 2 ways I'm
considering for implementing the userspace portion of this feature and I wanted
to get opinions/feedback.
1) Use pam to set the information "pre-fork" and let the child inherit the
loginuid from the parent process. This muddies up the entry point program's
information, but is easier to do.
2) patch all entry point programs to explicitly set the loginuid after the fork.
This keep the parent process clean, but creates a lot of patches (20 - 30
programs).
Thanks,
-Steve Grubb
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.