[PATCH 26/27] LSM: Add /proc attr entry for full LSM context
Kees Cook
keescook at chromium.org
Mon Jul 29 21:40:51 UTC 2019
On Mon, Jul 29, 2019 at 12:22:37PM -0700, Casey Schaufler wrote:
> On 7/29/2019 10:19 AM, Kees Cook wrote:
> > On Fri, Jul 26, 2019 at 04:39:22PM -0700, Casey Schaufler wrote:
> >> Add an entry /proc/.../attr/context which displays the full
> >> process security "context" in compound format:
> >> lsm1\0value\0lsm2\0value\0...
> >> This entry is not writable.
> > As this is a new API, would it make sense to make this a bit more
> > human readable (i.e. newlines not %NUL)?
>
> With the far reaching discussion about what format would be
> acceptable in mind I went with Simon McVittie's suggestion.
> Also note that AppArmor includes newline in attr/current,
> and this way we can preserve the existing value.
> It's compatible with /proc/.../cmdline and easily keesized:
>
> cat /proc/self/attr/context | tr '\0' '\n'
Okay, cool. I suspected it must be the result of so many bike sheds but
I couldn't quite find those memories.
> > (And if not, please justify the
> > reasoning in the commit log).
>
> Good idea.
Thanks! It'll help my poor brain. :)
--
Kees Cook
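
A parser for the compound format discussed in this thread, as an added example that is not part of the original message or of the patch. It also shows why the NUL separator keeps a value with a trailing newline (the AppArmor case mentioned above) unambiguous. The sample bytes are constructed, the function names are hypothetical, and it assumes every field, including the last, ends with NUL.

```python
# Added example: parse the "lsm1\0value\0lsm2\0value\0..." layout from the thread.
# SAMPLE is constructed for illustration, not captured from a running kernel.
from pathlib import Path

SAMPLE = b"selinux\0system_u:system_r:init_t:s0\0apparmor\0unconfined\n\0"


def parse_lsm_context(raw: bytes) -> list[tuple[str, bytes]]:
    """Split the compound context into (lsm_name, value) pairs."""
    if not raw:
        return []
    # Assumption: the last value is NUL-terminated like every other field.
    if not raw.endswith(b"\0"):
        raise ValueError("truncated: last field is not NUL-terminated")
    fields = raw[:-1].split(b"\0")
    if len(fields) % 2:
        raise ValueError("odd field count: an LSM name has no value")
    pairs = []
    for name, value in zip(fields[0::2], fields[1::2]):
        if not name:
            raise ValueError("empty LSM name")
        # Values stay as bytes so an embedded newline is preserved as-is.
        pairs.append((name.decode("ascii"), value))
    return pairs


def newline_view(raw: bytes) -> list[bytes]:
    """What a line-based reader sees after `tr '\\0' '\\n'`."""
    return raw.replace(b"\0", b"\n").splitlines()


def read_context(pid: str = "self") -> list[tuple[str, bytes]]:
    """Read /proc/<pid>/attr/context (exists only on kernels with this entry)."""
    return parse_lsm_context(Path(f"/proc/{pid}/attr/context").read_bytes())


if __name__ == "__main__":
    for lsm, value in parse_lsm_context(SAMPLE):
        print(f"{lsm}: {value!r}")
    # The newline view has an extra empty line, so name/value pairing by
    # line number is no longer reliable once a value contains '\n'.
    print(len(newline_view(SAMPLE)), "lines after tr")
```

Keep the `tr` form for reading by eye; anything that makes a decision on the result should split on NUL as above.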
More information about the Linux-security-module-archive
mailing list