[PATCH v14 22/23] LSM: Add /proc attr entry for full LSM context
John Johansen
john.johansen at canonical.com
Mon Feb 3 22:49:19 UTC 2020
On 2/3/20 1:43 PM, Casey Schaufler wrote:
> On 2/3/2020 1:02 PM, John Johansen wrote:
>> On 1/24/20 12:16 PM, Stephen Smalley wrote:
>>> ...
>>>
>>> Aside from the trailing newline and \0 issues, AppArmor also has a whitespace-separated (mode) field that may or may not be present in the contexts it presently returns, ala "/usr/sbin/cupsd (enforce)". Not sure what they want for the new interfaces.
>>>
>>
>> It is not needed for the new interface. And if I could go back and remove it from the old interface I would.
>
> So, what would the "context" for this case be? "/usr/sbin/cupsd" or "enforce"?
>
"/usr/sbin/cupsd"
"enforce" is the profile mode which can be looked up separately using "/usr/sbin/cupsd" if it is really needed.
More information about the Linux-security-module-archive
mailing list