On Tue, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> > --- Usage ---
> >
> > Smack namespace is written using LSM hooks inside user namespace. That
> > means it's connected to it.
> >
> > To create a new Smack namespace you need to unshare() user namespace
> > as usual. If that is all you do though, then there is no difference to
> > what is now. To activate the Smack namespace you need to fill the
> > labels' map. It is in a file /proc/$PID/smack_map.
>
> This should be /proc/$PID/attr/label_map or similar, modeled after the
> existing /proc/$PID/attr/current and similar nodes. Then it isn't
> module-specific and can be reused for other modules.

To make this generic I'll have to introduce new LSM hooks to handle this
file (much like /proc/$PID/attr/current). I take it this is what you had in
mind.

--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics