On Fri, 16 Mar 2018 05:00:28 -0400 Richard Guy Briggs <rgb@xxxxxxxxxx> wrote: > Implement the proc fs write to set the audit container ID of a process, > emitting an AUDIT_CONTAINER record to document the event. A little detail, but still... > +static int audit_set_containerid_perm(struct task_struct *task, u64 containerid) > +{ > + struct task_struct *parent; > + u64 pcontainerid, ccontainerid; > + > + /* Don't allow to set our own containerid */ > + if (current == task) > + return -EPERM; > + /* Don't allow the containerid to be unset */ > + if (!cid_valid(containerid)) > + return -EINVAL; I went looking for cid_valid(), but it turns out you don't add it until patch 5. That, I expect, will not be good for bisectability (or patch review). Thanks, jon