RE: FW: Hooks for MAC (updated)

From: Stephen Smalley (sdsat_private)
Date: Wed Aug 01 2001 - 06:17:05 PDT

  • Next message: Seth Arnold: "Re: SMP for testing..."

    On Wed, 1 Aug 2001, Lachlan McIlroy wrote:
    > We intend to provide extended attributes on the files in
    > /proc so that they will be protected by MAC labels.  This
    > will probably require changes to the vfs interface and
    > adding routines for getting/setting extended attributes
    > in the procfs.
    Both the original SELinux prototype and the new LSM-based SELinux
    prototype bind security contexts to procfs entries and protect
    them accordingly.  The /proc/PID entries are labeled with the
    security context of the owning process.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 08:41:33 PDT