[PATCH] audit: handle loginuid through proc
The audit subsystem uses netlink messages to request loginuid changes. Due to the sensitivity of loginuid, netlink appears to be insufficient. For instance, it is not easy to guarantee that the loginuid message will be handled before any other auditable actions, and there is even the remote possibility of the process terminating and another process with the same pid being created before the message is handled. Finally, other kernel code, in particular selinux, is interested in easily querying the loginuid for inclusion in its own messages.

The following patch moves loginuid handling from netlink to the /proc/$$/loginuid file, and adds an audit_get_loginuid() function. It also includes Stephen Smalley's patch to correctly inherit the loginuid on fork. It has been actively discussed on the linux-audit mailing list.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>