audit: allow unsetting the loginuid (with priv)
authorEric Paris <eparis@redhat.com>
Fri, 24 May 2013 13:49:14 +0000 (09:49 -0400)
committerEric Paris <eparis@redhat.com>
Tue, 5 Nov 2013 16:08:09 +0000 (11:08 -0500)
commit81407c84ace88368ff23abb81caaeacf050c8450
tree16073582364ac97b798010640da348a68460b73d
parent83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
audit: allow unsetting the loginuid (with priv)

If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid.
This would allow a child of that task to set their loginuid without
CAP_AUDIT_CONTROL.  Thus when launching a new login daemon, a
priviledged helper would be able to unset the loginuid and then the
daemon, which may be malicious user facing, do not need priv to function
correctly.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
fs/proc/base.c
kernel/auditsc.c