Re: [RFC] [PATCH] [6/6] LSM Stacking: temporary setprocattr hack

From: Serge E. Hallyn
Date: Thu Nov 04 2004 - 20:41:56 EST

Next message: Nigel Cunningham: "Re: power/suspend error"
Previous message: Nick Piggin: "Re: cache_hot_time"
In reply to: Chris Wright: "Re: [RFC] [PATCH] [6/6] LSM Stacking: temporary setprocattr hack"
Next in thread: Chris Wright: "Re: [RFC] [PATCH] [6/6] LSM Stacking: temporary setprocattr hack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Quoting Chris Wright (chrisw@xxxxxxxx):
> * Serge Hallyn (serue@xxxxxxxxxx) wrote:
> > Stacker assumes that data written to /proc/<pid>/attr/* is of the
> > form:
> >
> > module_name: data
>
> This breaks current tools where fields are space-delimited. procps does
> filtering that way, and I believe libselinux does as well.

Oh, are you talking about the output of getprocattr? Perhaps the output
should (temporarily) be default list the selinux info on the first line,
without a "selinux: " prepended, and list any other modules after?

Or do you mean something else?

You mentioned a common LSM sysfs framework. Does it offer support for
both per-module and per-pid-per-module files? If so, then I suppose it
would be fair to force LSMs to use those, and reserve the existing
{gs}etprocattr files for selinux use (or nuke them).

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nigel Cunningham: "Re: power/suspend error"
Previous message: Nick Piggin: "Re: cache_hot_time"
In reply to: Chris Wright: "Re: [RFC] [PATCH] [6/6] LSM Stacking: temporary setprocattr hack"
Next in thread: Chris Wright: "Re: [RFC] [PATCH] [6/6] LSM Stacking: temporary setprocattr hack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]