IBM 10 SP1 EAL4 Server User Manual


 
The SLES kernel maintains information about each process in a task_struct process type of descriptor.
Each process descriptor contains information such as run-state of process, address space, list of open files,
process priority, which files the process is allowed to access, and security relevant credentials fields including
the following:
uid and gid, which describe the user ID and group ID of a process.
euid and egid, which describe the effective user ID and effective group ID of a process.
fsuid and fsgid, which describe the file system user ID and file system group ID of a process.
suid and sgid, which describe the saved user ID and saved group ID of a process.
groups, which lists the groups to which the process belongs.
state, which describes the run state of the process.
pid, which is the process identifier used by the kernel and user processes for identification.
security, which points to the information relating to the process domain and other attributes used and
managed by AppArmor.
The credentials are used every time a process tries to access a file or IPC objects. Process credentials, along
with the access control data and ownership of the object, determine if access is allowed.
Refer to include/linux/sched.h for information about other task_struct fields.
Figure 5-12 schematically shows the task_struct structure with fields relevant for access control.
56