summaryrefslogtreecommitdiff
path: root/COPYING
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2018-09-21 17:16:59 -0700
committerKees Cook <keescook@chromium.org>2019-01-08 13:18:44 -0800
commit6d9c939dbe4d0bcea09cd4b410f624cde1acb678 (patch)
tree1388ba40fc9bf6a8274fb807fe83c8a8e225b4c5 /COPYING
parentd117a154e6128abac5409d3f173584e7b25981a2 (diff)
downloadlwn-6d9c939dbe4d0bcea09cd4b410f624cde1acb678.tar.gz
lwn-6d9c939dbe4d0bcea09cd4b410f624cde1acb678.zip
procfs: add smack subdir to attrs
Back in 2007 I made what turned out to be a rather serious mistake in the implementation of the Smack security module. The SELinux module used an interface in /proc to manipulate the security context on processes. Rather than use a similar interface, I used the same interface. The AppArmor team did likewise. Now /proc/.../attr/current will tell you the security "context" of the process, but it will be different depending on the security module you're using. This patch provides a subdirectory in /proc/.../attr for Smack. Smack user space can use the "current" file in this subdirectory and never have to worry about getting SELinux attributes by mistake. Programs that use the old interface will continue to work (or fail, as the case may be) as before. The proposed S.A.R.A security module is dependent on the mechanism to create its own attr subdirectory. The original implementation is by Kees Cook. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions