[PATCH v10 13/25] LSM: Specify which LSM to display
Simon McVittie
smcv at collabora.com
Tue Oct 29 14:44:08 UTC 2019
On Thu, 24 Oct 2019 at 13:52:16 -0700, Casey Schaufler wrote:
> Create a new entry "display" in /proc/.../attr for controlling
> which LSM security information is displayed for a process.

It still isn't immediately obvious to me from the commit message whether
the "..." stands for the pid of the process that will read LSM information,
or the pid of the process whose LSM information will be read.

I believe the intended meaning was the former? So perhaps

    Create a new entry "display" in /proc/$reader/attr that controls
    which LSM security information will be displayed when the process
    $reader reads LSM information.

(Note that when $reader reads /proc/$subject/attr/current for
$reader != $subject, it is /proc/$reader/attr/display that controls
what is displayed there, not /proc/$subject/attr/display.)

The commit that introduces /proc/.../attr/context could probably
benefit from similar treatment - maybe it could be referred to as
/proc/$subject/attr/context?

smcv