git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Tue, 25 Jul 2017 18:06:52 +0000 (11:06 -0700)
committer	Seth Forshee <seth.forshee@canonical.com>
	Thu, 28 Sep 2017 20:54:18 +0000 (16:54 -0400)
commit	9eee8d637a05311251b03ddaca6db64d57918d30
tree	7f0cc6ea18ca960d2d4841a2762f3f7e403b04ec	tree
parent	526517a22ed968653952ed3680ed911484a34055	commit \| diff

UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs

Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an interface in /proc to manipulate
the security context on processes. Rather than use a similar
interface, I used the same interface. The AppArmor team did
likewise. Now /proc/.../attr/current will tell you the
security "context" of the process, but it will be different
depending on the security module you're using.

This patch provides a subdirectory in /proc/.../attr for
Smack. Smack user space can use the "current" file in
this subdirectory and never have to worry about getting
SELinux attributes by mistake. Programs that use the
old interface will continue to work (or fail, as the case
may be) as before.

This patch does not include subdirectories for SELinux
or AppArmor. I do have a patch that provides those, and
will happily make it available should anyone see value
in it.

The original implementation is by Kees Cook.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Documentation/admin-guide/LSM/index.rst		diff \| blob \| blame \| history
fs/proc/base.c		diff \| blob \| blame \| history
fs/proc/internal.h		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history