interfaces/default: allow owner read on @{PROC}/@{pid}/sessionid

[ZeyadYasser]

This is used by auditd, and is generally safe to expose.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.97%. Comparing base (96ea7b0) to head (9dc3de1).
Report is 19 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #14673      +/-   ##
==========================================
+ Coverage   78.95%   78.97%   +0.02%     
==========================================
  Files        1084     1085       +1     
  Lines      146638   147119     +481     
==========================================
+ Hits       115773   116183     +410     
- Misses      23667    23713      +46     
- Partials     7198     7223      +25     

Flag	Coverage Δ
unittests	78.97% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zyga]

Looks good

The sessionid is somewhat unexpectedly the audit session ID and not anything else:

static ssize_t proc_sessionid_read(struct file * file, char __user * buf,
          size_t count, loff_t *ppos)
{
  struct inode * inode = file_inode(file);
  struct task_struct *task = get_proc_task(inode);
  ssize_t length;
  char tmpbuf[TMPBUFLEN];

  if (!task)
    return -ESRCH;
  length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
        audit_get_sessionid(task));
  put_task_struct(task);
  return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}

[bboozzoo]

LGTM

[alexmurray]

LGTM - this is world-readable by default in the kernel and doesn't contain any sensitive information.