On Fri, Dec 15, 2017 at 2:24 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > Hm, sorry, missed this mail. > > On Tue, Nov 28, 2017 at 2:33 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: >> On Tue, 2017-11-28 at 13:37 -0800, Matthew Garrett wrote: >>> security_task_getsecid(current) will give the same results as >>> security_cred_getsecid(current_creds()) >> >> Unwinding security_task_getsecid(current) looks like it is using >> real_cred, while current_cred() is using cred. > > Good question, and there's a current_real_cred() macro, so I should > just use that instead. Hm. Actually, I'm not sure. For most checks we were using cred, and only using real_cred for the secid lookup. This feels somewhat inconsistent.
