On Thu, Feb 18, 2021 at 4:40 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 2/18/2021 11:34 AM, Paul Moore wrote:

...

> > How do we want to fix this? The obvious fix is to change the SELinux,
> > AppArmor, and Smack security_task_getsecid() implementations to return
> > the subjective security ID (->cred), and likely make a note in
> > lsm_hooks.h,
>
> That would be my choice.

As I've dug into this more, it does look like that is closest to being
correct, but there are still a few callers where it looks like the
objective creds are needed. I think the correct thing to do is
convert the existing hook to use the subjective creds and add a
"_subj" at the end, while also creating a new
security_task_getsecid_obj() hook to return the objective cred and
updating those few callers that need it.

I'll see about making the associated changes to the Smack and AppArmor
code too, but that will obviously need some heavy review by you and
John.

-- 
paul moore
www.paul-moore.com