Re: [PATCH] Realtime LSM

From: Chris Wright
Date: Sat Oct 09 2004 - 00:17:48 EST

Next message: Chuck Ebbert: "Re: [PATCH 2.6.9-rc3-mm2] EDD: use EXTENDED READ command, add CONFIG_EDD_SKIP_MB"
Previous message: Con Kolivas: "Re: voluntary-preempt-2.6.9-rc3-mm3-T3"
In reply to: Jack O'Quin: "Re: [PATCH] Realtime LSM"
Next in thread: Jack O'Quin: "Re: [PATCH] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Jack O'Quin (joq@xxxxxx) wrote:
> Chris Wright <chrisw@xxxxxxxx> writes:
> > use in_group_p
>
> I looked at that, it wasn't clear to me whether to use in_group_p() or
> in_egroup_p(). How do you choose?

For most cases they'll be identical. The difference is whether you're
comparing the fsgid or the egid. The former is what's used for file
access, the latter might make more sense in your case. However, in
99.9% of the cases you care about fsgid == egid, so it's a wash. So,
in_egroup_p matches a bit better. Relative to the other patches...

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net

--- security/realtime.c~rm_CONFIG_SECURITY 2004-10-08 16:16:35.000000000 -0700
+++ security/realtime.c 2004-10-08 21:06:28.020084984 -0700
@@ -66,7 +66,7 @@
if ((gid == e_gid) || (gid == current->gid))
return 1;

- return in_group_p(gid);
+ return in_egroup_p(gid);
}

static int realtime_bprm_set_security(struct linux_binprm *bprm)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chuck Ebbert: "Re: [PATCH 2.6.9-rc3-mm2] EDD: use EXTENDED READ command, add CONFIG_EDD_SKIP_MB"
Previous message: Con Kolivas: "Re: voluntary-preempt-2.6.9-rc3-mm3-T3"
In reply to: Jack O'Quin: "Re: [PATCH] Realtime LSM"
Next in thread: Jack O'Quin: "Re: [PATCH] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]