| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jan 2007 15:07:33 -0500 From: Stephen Smalley <sds@...ho.nsa.gov> To: casey@...aufler-ca.com Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Andrew Morton <akpm@...l.org>, Ingo Molnar <mingo@...e.hu>, tglx@...utronix.de, linux-kernel@...r.kernel.org, selinux@...ho.nsa.gov, jmorris@...ei.org Subject: Re: [PATCH] sysctl selinux: Don't look at table->de On Mon, 2007-01-29 at 11:08 -0800, Casey Schaufler wrote: > --- Stephen Smalley <sds@...ho.nsa.gov> wrote: > > > True, but a system that disables proc is likely a > > system with a custom > > policy anyway, and dependency on proc is fairly > > basic to selinux these > > days (due to reliance on /proc/self/attr for process > > attribute > > manipulation in place of the old selinux syscalls). > > Possibly we should > > just make selinux depend on proc and drop the #ifdef > > there. > > Alternativly you could move the SELinux specific > bits out of /proc/self/attr into an equivalent > /selinux/self/attr and avoid that /proc dependency. We could, but I don't see any compelling reason to do so. We were specifically told to use proc for the selinux process attributes when we refactored the selinux api for 2.6 inclusion, as they are per-process state and fit naturally into proc. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists