[PATCH V3 2/2] IMA: Support using new creds in appraisal policy

[PATCH V3 1/2] security: Add a cred_getsecid hook · Matthew Garrett <hidden> · 2017-10-26
[PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-10-26
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · James Morris <hidden> · 2017-10-26
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Mimi Zohar <hidden> · 2017-11-28
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-11-28
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Mimi Zohar <hidden> · 2017-11-28
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-11-28
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Mimi Zohar <hidden> · 2017-11-28
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-12-15
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Matthew Garrett <hidden> · 2017-12-15
Re: [PATCH V3 2/2] IMA: Support using new creds in appraisal policy · Mimi Zohar <hidden> · 2017-12-18
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · James Morris <hidden> · 2017-10-26
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · Casey Schaufler <casey@schaufler-ca.com> · 2017-10-26
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · Matthew Garrett <hidden> · 2017-10-30
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · Stephen Smalley <hidden> · 2017-10-26
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · Matthew Garrett <hidden> · 2017-10-30
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · Stephen Smalley <hidden> · 2017-10-30
Re: [PATCH V3 1/2] security: Add a cred_getsecid hook · Matthew Garrett <hidden> · 2017-11-14

From: Matthew Garrett <hidden>
Date: 2017-12-15 22:35:57
Also in: linux-integrity, selinux

On Fri, Dec 15, 2017 at 2:24 PM, Matthew Garrett [off-list ref] wrote:

Hm, sorry, missed this mail.

On Tue, Nov 28, 2017 at 2:33 PM, Mimi Zohar [off-list ref] wrote:

quoted

On Tue, 2017-11-28 at 13:37 -0800, Matthew Garrett wrote:

quoted

security_task_getsecid(current) will give the same results as
security_cred_getsecid(current_creds())

Unwinding security_task_getsecid(current) looks like it is using
real_cred, while current_cred() is using cred.

Good question, and there's a current_real_cred() macro, so I should
just use that instead.

Hm. Actually, I'm not sure. For most checks we were using cred, and
only using real_cred for the secid lookup. This feels somewhat
inconsistent.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help