On Fri, 2017-12-15 at 14:35 -0800, Matthew Garrett wrote: > On Fri, Dec 15, 2017 at 2:24 PM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > > Hm, sorry, missed this mail. I was kind of wondering what happened... > > On Tue, Nov 28, 2017 at 2:33 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: > >> On Tue, 2017-11-28 at 13:37 -0800, Matthew Garrett wrote: > >>> security_task_getsecid(current) will give the same results as > >>> security_cred_getsecid(current_creds()) > >> > >> Unwinding security_task_getsecid(current) looks like it is using > >> real_cred, while current_cred() is using cred. > > > > Good question, and there's a current_real_cred() macro, so I should > > just use that instead. > > Hm. Actually, I'm not sure. For most checks we were using cred, and > only using real_cred for the secid lookup. This feels somewhat > inconsistent. Even if it is a one line change, it shouldn't be hidden like this. Please make it a separate patch, with the reason for the change. We need to make sure this change doesn't break existing systems. thanks, Mimi
