Re: task_post_setgid ?

From: Chris Wright (chrisw@private)
Date: Mon Feb 23 2004 - 14:53:57 PST

Next message: Chandra Seetharaman: "Re: task_post_setgid ?"

Previous message: Chandra Seetharaman: "task_post_setgid ?"
In reply to: Chandra Seetharaman: "task_post_setgid ?"
Next in thread: Chandra Seetharaman: "Re: task_post_setgid ?"
Reply: Chandra Seetharaman: "Re: task_post_setgid ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Chandra Seetharaman (sekharan@private) wrote:
> Hello,
> 
> In the list of security hooks, for setuid()(and family), I see two hooks - 
> task_setuid() and task_post_setuid(), one for checking the permissions and
> the second for setting the capabilities. But, for setgid(), I see only
> task_setgid(), no task_post_setgid().
> 
> To my understanding, the rationale for providing task_post_setuid() holds
> good for providing task_post_setgid(). What is the rationale for not having
> the post hook for setgid() ?

This is a result of converting the existing logic for preserving/dropping
capabilities across setuid type calls.  The logic did not include any
special casing for setgid calls.  So, this is straight port of the
pre-LSM code.  Do you have a specific use of a post_setgid hook?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

Next message: Chandra Seetharaman: "Re: task_post_setgid ?"
Previous message: Chandra Seetharaman: "task_post_setgid ?"
In reply to: Chandra Seetharaman: "task_post_setgid ?"
Next in thread: Chandra Seetharaman: "Re: task_post_setgid ?"
Reply: Chandra Seetharaman: "Re: task_post_setgid ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 23 2004 - 14:54:52 PST