• David Howells's avatar
    CRED: Differentiate objective and effective subjective credentials on a task · 3b11a1de
    David Howells authored
    Differentiate the objective and real subjective credentials from the effective
    subjective credentials on a task by introducing a second credentials pointer
    into the task_struct.
    
    task_struct::real_cred then refers to the objective and apparent real
    subjective credentials of a task, as perceived by the other tasks in the
    system.
    
    task_struct::cred then refers to the effective subjective credentials of a
    task, as used by that task when it's actually running.  These are not visible
    to the other tasks in the system.
    
    __task_cred(task) then refers to the objective/real credentials of the task in
    question.
    
    current_cred() refers to the effective subjective credentials of the current
    task.
    
    prepare_creds() uses the objective creds as a base and commit_creds() changes
    both pointers in the task_struct (indeed commit_creds() requires them to be the
    same).
    
    override_creds() and revert_creds() change the subjective creds pointer only,
    and the former returns the old subjective creds.  These are used by NFSD,
    faccessat() and do_coredump(), and will by used by CacheFiles.
    
    In SELinux, current_has_perm() is provided as an alternative to
    task_has_perm().  This uses the effective subjective context of current,
    whereas task_has_perm() uses the objective/real context of the subject.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    3b11a1de
fork.c 40.3 KB