git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Sat, 22 Sep 2018 00:16:59 +0000 (17:16 -0700)
committer	Kees Cook <keescook@chromium.org>
	Tue, 8 Jan 2019 21:18:44 +0000 (13:18 -0800)
commit	6d9c939dbe4d0bcea09cd4b410f624cde1acb678
tree	1388ba40fc9bf6a8274fb807fe83c8a8e225b4c5	tree
parent	d117a154e6128abac5409d3f173584e7b25981a2	commit \| diff

procfs: add smack subdir to attrs

Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an interface in /proc to manipulate
the security context on processes. Rather than use a similar
interface, I used the same interface. The AppArmor team did
likewise. Now /proc/.../attr/current will tell you the
security "context" of the process, but it will be different
depending on the security module you're using.

This patch provides a subdirectory in /proc/.../attr for
Smack. Smack user space can use the "current" file in
this subdirectory and never have to worry about getting
SELinux attributes by mistake. Programs that use the
old interface will continue to work (or fail, as the case
may be) as before.

The proposed S.A.R.A security module is dependent on
the mechanism to create its own attr subdirectory.

The original implementation is by Kees Cook.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>

Documentation/admin-guide/LSM/index.rst		diff \| blob \| blame \| history
fs/proc/base.c		diff \| blob \| blame \| history
fs/proc/internal.h		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history