--- David Howells <[EMAIL PROTECTED]> wrote: > Casey Schaufler <[EMAIL PROTECTED]> wrote: > > > > One thing I'm not certain about is how this should interact with /proc, > > > which can display some of the stuff in the cred struct. I think it may > be > > > necessary to have a real cred pointer and an effective cred pointer, with > > > the contents of /proc coming from the real, but the effective governing > > > what actually goes on. > > > > I think you want the effective values to show up in /proc. > > Perhaps - but bear in mind that in the override case they weren't set by the > process itself.
They are nonetheless in effect and (heaven forbid) should they be abused you don't want to hide the facts from concerned observers. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
