IBM Novell 10 SP1 EAL4 User Manual
Page 68

The SLES kernel maintains information about each process in a process descriptor of type task_struct.
Each process descriptor contains information such as the run state of the process, its address space, its list of open files,
its process priority, which files the process is allowed to access, and security-relevant credential fields, including
the following:
• uid and gid, which describe the user ID and group ID of a process.
• euid and egid, which describe the effective user ID and effective group ID of a process.
• fsuid and fsgid, which describe the file system user ID and file system group ID of a process.
• suid and sgid, which describe the saved user ID and saved group ID of a process.
• groups, which lists the groups to which the process belongs.
• state, which describes the run state of the process.
• pid, which is the process identifier used by the kernel and user processes for identification.
• security, which points to the information relating to the process domain and other attributes used and managed by AppArmor.
The credentials are consulted every time a process tries to access a file or an IPC object. The process credentials, together
with the access control data and the ownership of the object, determine whether access is allowed.
Refer to include/linux/sched.h for information about other task_struct fields.
Figure 5-12 schematically shows the task_struct structure with fields relevant for access control.
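As an added illustration (not code from the manual or the kernel), the C model below shows how the fsuid, fsgid and groups fields listed above select the owner, group or other permission class when a process accesses a file. The struct names, the simplified root handling and the check itself are assumptions modelled on the kernel's generic permission logic; the AppArmor hook reached through the security field is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical, reduced model of the credential fields on this page.
   The real layout lives in include/linux/sched.h. */
struct creds {
    uid_t uid, euid, suid, fsuid;   /* real, effective, saved, file system */
    gid_t gid, egid, sgid, fsgid;
    const gid_t *groups;            /* supplementary group list */
    int ngroups;
};

/* Hypothetical model of the object side: owner, group and mode bits. */
struct inode_model { uid_t owner; gid_t group; mode_t mode; };

#define MAY_READ  4
#define MAY_WRITE 2
#define MAY_EXEC  1

/* Group membership is decided by fsgid plus the supplementary groups. */
static bool in_group(const struct creds *c, gid_t g) {
    if (c->fsgid == g) return true;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g) return true;
    return false;
}

/* Discretionary check: the file system IDs (not uid/euid) pick the class.
   Root is modelled as overriding read/write but needing some x bit for exec. */
bool dac_permission(const struct creds *c, const struct inode_model *ino, int mask) {
    int bits;
    if (c->fsuid == 0) {
        if ((mask & MAY_EXEC) && !(ino->mode & 0111)) return false;
        return true;
    }
    if (c->fsuid == ino->owner)        bits = (ino->mode >> 6) & 7;
    else if (in_group(c, ino->group))  bits = (ino->mode >> 3) & 7;
    else                               bits = ino->mode & 7;
    return (bits & mask) == mask;
}

int main(void) {
    /* Constructed sample: file owned by uid 1000, group 100, mode 0640. */
    struct inode_model f = { 1000, 100, 0640 };
    static const gid_t extra[] = { 100 };
    /* A process whose fsgid is unrelated but whose groups list includes 100. */
    struct creds p = { 1001, 1001, 1001, 1001, 200, 200, 200, 200, extra, 1 };
    printf("read: %d  write: %d\n",
           dac_permission(&p, &f, MAY_READ), dac_permission(&p, &f, MAY_WRITE));
    return 0;
}
```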
56