git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Wed, 7 Mar 2018 22:31:19 +0000 (14:31 -0800)
committer	Seth Forshee <seth.forshee@canonical.com>
	Tue, 10 Apr 2018 18:06:09 +0000 (13:06 -0500)
commit	dcd148a1b452879b398f650a66e937740da8e78d
tree	10c384ce8bc74734bbbaadeb6375c17f3febb262	tree
parent	37eaf9dd7bee459952a707cf4cd9a8bc9b61e991	commit \| diff

UBUNTU: SAUCE: LSM stacking: procfs: add smack subdir to attrs

BugLink: http://bugs.launchpad.net/bugs/1763062
Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an interface in /proc to manipulate
the security context on processes. Rather than use a similar
interface, I used the same interface. The AppArmor team did
likewise. Now /proc/.../attr/current will tell you the
security "context" of the process, but it will be different
depending on the security module you're using.

This patch provides a subdirectory in /proc/.../attr for
Smack. Smack user space can use the "current" file in
this subdirectory and never have to worry about getting
SELinux attributes by mistake. Programs that use the
old interface will continue to work (or fail, as the case
may be) as before.

The original implementation is by Kees Cook.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Documentation/admin-guide/LSM/index.rst		diff \| blob \| blame \| history
fs/proc/base.c		diff \| blob \| blame \| history
fs/proc/internal.h		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history