[Devel] Re: [PATCH 04/10] cr: split core function out of some set*{u, g}id functions

James Morris jmorris at namei.org
Wed Jun 10 05:20:08 PDT 2009


On Tue, 9 Jun 2009, Serge E. Hallyn wrote:

> When restarting tasks, we want to be able to change xuid and
> xgid in a struct cred, and do so with security checks.  Break
> the core functionality of set{fs,res}{u,g}id into cred_setX
> which performs the access checks based on current_cred(),
> but performs the requested change on a passed-in cred.
> 

Please cc the lsm list when making changes to security.

-- 
James Morris
<jmorris at namei.org>
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list