[PATCH 26/27] LSM: Add /proc attr entry for full LSM context

Kees Cook keescook at chromium.org
Mon Jul 29 21:40:51 UTC 2019


On Mon, Jul 29, 2019 at 12:22:37PM -0700, Casey Schaufler wrote:
> On 7/29/2019 10:19 AM, Kees Cook wrote:
> > On Fri, Jul 26, 2019 at 04:39:22PM -0700, Casey Schaufler wrote:
> >> Add an entry /proc/.../attr/context which displays the full
> >> process security "context" in compound format:
> >> 	lsm1\0value\0lsm2\0value\0...
> >> This entry is not writable.
> > As this is a new API, would it make sense to make this a bit more
> > human readable (i.e. newlines not %NUL)?
> 
> With the far reaching discussion about what format would be
> acceptable in mind I went with Simon McVittie's suggestion.
> Also note that AppArmor includes newline in attr/current,
> and this way we can preserve the existing value.
> It's compatible with /proc/.../cmdline and easily keesized:
> 
> 	cat /proc/self/attr/context | tr '\0' '\n'

Okay, cool. I suspected it must be the result of so many bike sheds but
I couldn't quite find those memories.

> >  (And if not, please justify the
> > reasoning in the commit log).
> 
> Good idea.

Thanks! It'll help my poor brain. :)

-- 
Kees Cook
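
Added example, not part of the original thread and not code from the patch: a userspace parser for the compound format quoted above (`lsm1\0value\0lsm2\0value\0...`), showing why NUL delimiters keep a value's trailing newline intact while the `tr '\0' '\n'` view is for display only. The function names and the contents of `SAMPLE` are constructed for illustration.

```python
# Constructed sample of the compound format described in the patch text.
# The second value ends in "\n", as the thread says AppArmor's attr/current does.
SAMPLE = (
    b"selinux\0unconfined_u:unconfined_r:unconfined_t:s0\0"
    b"apparmor\0unconfined\n\0"
)


def parse_compound_context(raw: bytes) -> list[tuple[str, bytes]]:
    """Split 'lsm1\\0value\\0lsm2\\0value\\0' into (lsm, value) pairs.

    Values are returned as raw bytes so nothing inside them, such as a
    trailing newline, is altered or mistaken for a separator.
    """
    if not raw:
        return []
    if not raw.endswith(b"\0"):
        raise ValueError("compound context must end with NUL (truncated read?)")
    fields = raw[:-1].split(b"\0")  # drop the final terminator, then split
    if len(fields) % 2:
        raise ValueError("LSM name without a matching value")
    pairs = []
    for name, value in zip(fields[0::2], fields[1::2]):
        if not name:
            raise ValueError("empty LSM name")
        pairs.append((name.decode("ascii"), value))
    return pairs


def tr_view(raw: bytes) -> list[bytes]:
    """Equivalent of `tr '\\0' '\\n'` followed by splitting into lines."""
    return raw.replace(b"\0", b"\n").split(b"\n")


if __name__ == "__main__":
    for lsm, value in parse_compound_context(SAMPLE):
        print(f"{lsm}: {value!r}")
    # The display view cannot tell the value's own newline from a separator.
    print(tr_view(SAMPLE))
```
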
