Hi,
On 21 Aug 2003, Stephen Smalley wrote:
> On Thu, 2003-08-21 at 05:59, Philippe Biondi wrote:
> sys_security was removed from the mainline kernel last October, iirc, so
> no one should be relying on it for their security module API.
>
> We overhauled the SELinux API earlier this year based on feedback from
> the kernel developers, and were able to get the necessary supporting
> changes into the mainline kernel:
> - a /proc/pid/attr API for getting and setting process security
> attributes,
I've seen that these attributes seem very SE Linux oriented, and are
hardcoded (fs/proc/base.c):

    #ifdef CONFIG_SECURITY
    static struct pid_entry attr_stuff[] = {
        E(PROC_PID_ATTR_CURRENT, "current", S_IFREG|S_IRUGO|S_IWUGO),
        E(PROC_PID_ATTR_PREV, "prev", S_IFREG|S_IRUGO),
        E(PROC_PID_ATTR_EXEC, "exec", S_IFREG|S_IRUGO|S_IWUGO),
        E(PROC_PID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUGO),
        {0,0,NULL,0}
    };
    #endif

How are we supposed to manage a different kind of communication?
(For example, if I need different files in /proc/<pid>/attr.)
> - changes to LSM and a new xattr handler to support the use of extended
> attributes by security modules for file security attributes.
I guess this can't be the answer to my previous question.
Best regards, Phil.
--
Philippe Biondi <biondi@ cartel-securite.fr> Cartel Sécurité
Security Consultant/R&D http://www.cartel-securite.fr
Phone: +33 1 44 06 97 94 Fax: +33 1 44 06 97 99
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
_______________________________________________
linux-security-module mailing list
linux-security-module@mail.wirex.com
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Aug 24 2003 - 14:46:09 PDT