The SLES kernel maintains information about each process in a process descriptor of type task_struct.
Each process descriptor contains information such as the run state of the process, its address space, its list of
open files, its priority, which files the process is allowed to access, and security-relevant credential fields,
including the following:
• uid and gid, the real user ID and group ID of the process.
• euid and egid, the effective user ID and group ID of the process.
• fsuid and fsgid, the file system user ID and group ID of the process, which the kernel uses when checking
access to files.
• suid and sgid, the saved user ID and group ID of the process.
• groups, the list of supplementary groups to which the process belongs.
• state, the run state of the process.
• pid, the process identifier used by the kernel and by user processes to identify the process.
• security, a pointer to the information about the process domain and the other attributes used and
managed by AppArmor.
These credentials are consulted every time a process tries to access a file or an IPC object. The process
credentials, together with the access control data and the ownership of the object, determine whether access is
allowed.
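The access decision described above, as an added example that is not part of this document or of the SLES kernel source: a small C model of the credential fields listed above and of the kernel's discretionary permission check. The struct layouts, in_group_p(), dac_permission() and read_proc_uids() are simplified reconstructions written for this illustration (the real check additionally honours capabilities such as CAP_DAC_OVERRIDE and is followed by the AppArmor hook). The point it demonstrates is that file access is decided by fsuid/fsgid, so a process with euid 0 but fsuid 1000 is treated as user 1000 by the file system.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed model of the credential fields listed above. The names
 * mirror the task_struct fields; the layout is hypothetical, not the
 * kernel's (see include/linux/sched.h for the real one). */
struct cred_model {
    uid_t uid, euid, suid, fsuid;   /* real, effective, saved, file system UID */
    gid_t gid, egid, sgid, fsgid;   /* real, effective, saved, file system GID */
    const gid_t *groups;            /* supplementary group list */
    size_t ngroups;
};

/* Constructed model of the access control data stored with an inode. */
struct inode_model {
    uid_t i_uid;
    gid_t i_gid;
    mode_t i_mode;                  /* permission bits only, e.g. 0640 */
};

/* Same bit values the kernel uses, so they line up with the rwx mode bits. */
#define MAY_EXEC  1
#define MAY_WRITE 2
#define MAY_READ  4

/* Group membership test in the style of the kernel's in_group_p():
 * the file system GID is checked first, then the supplementary list. */
static bool in_group_p(const struct cred_model *c, gid_t gid)
{
    if (c->fsgid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Discretionary access check modelled on generic_permission(): the
 * owner/group/other bit triplet is selected with fsuid/fsgid, never
 * with uid or euid. Returns 0 when every requested bit is granted,
 * -EACCES otherwise. Capability overrides and the AppArmor check are
 * deliberately left out of this model. */
int dac_permission(const struct cred_model *c,
                   const struct inode_model *ino, int mask)
{
    mode_t mode = ino->i_mode;

    if (c->fsuid == ino->i_uid)
        mode >>= 6;                 /* owner triplet */
    else if (in_group_p(c, ino->i_gid))
        mode >>= 3;                 /* group triplet */
    /* otherwise the "other" triplet is already in the low bits */

    if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
        return 0;
    return -EACCES;
}

/* Reads the four UIDs of the calling process from /proc/self/status
 * ("Uid:" line: real, effective, saved, file system). Returns 0 on
 * success, -1 if the file or the line is unavailable. */
int read_proc_uids(unsigned long out[4])
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int rc = -1;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "Uid:", 4) == 0 &&
            sscanf(line + 4, "%lu %lu %lu %lu",
                   &out[0], &out[1], &out[2], &out[3]) == 4) {
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

int main(void)
{
    /* Constructed scenario: a set-uid-root program (uid 1000, euid 0)
     * reading a root-owned mode 0600 file. Access hinges on fsuid, which
     * normally follows euid; lowering fsuid alone (as a file server does
     * on behalf of a client) loses access even though euid is still 0. */
    struct inode_model secret = { .i_uid = 0, .i_gid = 0, .i_mode = 0600 };
    struct cred_model c = { .uid = 1000, .euid = 0, .suid = 0, .fsuid = 0,
                            .gid = 100, .egid = 0, .sgid = 0, .fsgid = 0 };

    printf("fsuid=0:    read -> %d\n", dac_permission(&c, &secret, MAY_READ));
    c.fsuid = 1000;
    printf("fsuid=1000: read -> %d\n", dac_permission(&c, &secret, MAY_READ));

    unsigned long ids[4];
    if (read_proc_uids(ids) == 0)
        printf("this process: uid=%lu euid=%lu suid=%lu fsuid=%lu\n",
               ids[0], ids[1], ids[2], ids[3]);
    return 0;
}
```

Running it as an ordinary user prints the four identical UIDs from /proc/self/status; under a set-uid binary the second column (euid) and the fourth (fsuid) differ from the first, which is exactly the situation the model reproduces.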
Refer to include/linux/sched.h for a description of the other task_struct fields.
Figure 5-12 schematically shows the task_struct structure with fields relevant for access control.