| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jun 2017 13:58:15 +0200
From: José Bollo <jobol@...adev.net>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: James Morris <jmorris@...ei.org>,
LKLM <linux-kernel@...r.kernel.org>,
LSM <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH] procfs: add smack subdir to attrs
On Thu, 1 Jun 2017 16:59:24 -0700
Casey Schaufler <casey@...aufler-ca.com> wrote:
> On 6/1/2017 4:38 PM, James Morris wrote:
> > On Thu, 1 Jun 2017, Casey Schaufler wrote:
> >
> >> Subject: [PATCH] procfs: add smack subdir to attrs
> > Is there value in this without major stacking support?
>
> Yes. If a Smack aware application reads /proc/self/attr/current
> it has no way to know if what it sees is a Smack label or an
> SELinux context. True, the application can look elsewhere
> (i.e. /sys/kernel/security/lsm) to find out which is enabled.
> But the real fix is for Smack to use a different interface
> than SELinux. Which is what this does. True, it will be even
> more important when/if major stacking comes in, but it is still
> significant now, and I would like to have it regardless of
> the future acceptance of major stacking.
I agree that it is a nice forward movement to leave the mud.
I have a subsidiary question to ask. Should we keep the name 'attr' for
the subdirectory? It seems at least convenient but if a better name is
valuable (security, lsm, ...) why not to switch now?
BR josé
>
> --
> To unsubscribe from this list: send the line "unsubscribe
> linux-security-module" in the body of a message to
> majordomo@...r.kernel.org More majordomo info at
> http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists