From: Steve Grubb
Subject: Re: [PATCH] add uid and comm to OBJ_PID records
Date: Mon, 10 Dec 2007 16:02:43 -0500
Message-ID: <200712101602.43895.sgrubb@redhat.com>
References: <1197317542.7191.17.camel@localhost.localdomain> <475DA03C.2050502@hp.com>
In-Reply-To: <475DA03C.2050502@hp.com>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Monday 10 December 2007 15:23:24 Linda Knippers wrote:
> > type=OBJ_PID msg=audit(12/10/2007 15:36:54.328:67) : opid=3018
> > obj=root:system_r:httpd_t:s0-s0:c0.c1023 uid=test comm=loop
>
> Is uid sufficient or do you need auid, gid, euid, suid, fsuid, egid,...
> as well?

I don't think you need fsuid or any of the group credentials for signals. I
also don't think euid matters for receiving signals. auid could be useful.
People were mostly asking what process is this about, pid is generally not
helpful. And they wanted to make sure it was legal for that process to be
getting a signal. So, you need to see the uid.

> The subject has exe as well as comm. Should the obj record
> also have both?

Not 100% sure, but...I don't think we can get at it from the signal path
without holding a lock. We are trying to get what we can without any
complication or performance impact.

-Steve