[PATCH v10 13/25] LSM: Specify which LSM to display
Casey Schaufler
casey at schaufler-ca.com
Tue Oct 29 15:44:54 UTC 2019
On 10/29/2019 7:44 AM, Simon McVittie wrote:
> On Thu, 24 Oct 2019 at 13:52:16 -0700, Casey Schaufler wrote:
>> Create a new entry "display" in /proc/.../attr for controlling
>> which LSM security information is displayed for a process.
> It still isn't immediately obvious to me from the commit message whether
> the "..." stands for the pid of the process that will read LSM information,
> or the pid of the process whose LSM information will be read.
For all practical purposes "..." will be "self". You can read the
attr/display of another process, but I don't know where that would
be useful. You can't write to the attr/display of a different process.
>
> I believe the intended meaning was the former? So perhaps
>
> Create a new entry "display" in /proc/$reader/attr that controls
> which LSM security information will be displayed when the process
> $reader reads LSM information.
>
> (Note that when $reader reads /proc/$subject/attr/current for
> $reader != $subject, it is /proc/$reader/attr/display that controls
> what is displayed there, not /proc/$subject/attr/display.)
>
> The commit that introduces /proc/.../attr/context could probably
> benefit from similar treatment - maybe it could be referred to as
> /proc/$subject/attr/context?
Thanks. I'll work on making it clearer.
>
> smcv