Provide basic ABI descriptions for the process attribute entries that are shared between multiple Linux security modules. Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> --- Documentation/ABI/testing/procfs-attr-current | 20 ++++++++++++++++++++ Documentation/ABI/testing/procfs-attr-exec | 20 ++++++++++++++++++++ Documentation/ABI/testing/procfs-attr-prev | 19 +++++++++++++++++++ 3 files changed, 59 insertions(+) diff --git a/Documentation/ABI/testing/procfs-attr-current b/Documentation/ABI/testing/procfs-attr-current new file mode 100644 index 000000000000..198b9fe1c8e8 --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-current @@ -0,0 +1,20 @@ +What: /proc/*/attr/current +Contact: linux-security-module@xxxxxxxxxxxxxxx, + selinux@xxxxxxxxxxxxxxx, + apparmor@xxxxxxxxxxxxxxxx +Description: The current security information used by a Linux + security module (LSM) that is active on the system. + The details of permissions required to read from + this interface and hence obtain the security state + of the task identified is LSM dependent. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface and hence change the security state of + the task identified are LSM dependent. + The format of the data used by this interface is LSM + dependent. + SELinux, Smack and AppArmor provide this interface. +Users: SELinux user-space + Smack user-space + AppArmor user-space diff --git a/Documentation/ABI/testing/procfs-attr-exec b/Documentation/ABI/testing/procfs-attr-exec new file mode 100644 index 000000000000..34593866a7ab --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-exec @@ -0,0 +1,20 @@ +What: /proc/*/attr/exec +Contact: linux-security-module@xxxxxxxxxxxxxxx, + selinux@xxxxxxxxxxxxxxx, + apparmor@xxxxxxxxxxxxxxxx +Description: The security information to be used on the process + by a Linux security module (LSM) active on the system + after a subsequent exec() call. + The details of permissions required to read from + this interface and hence obtain the security state + of the task identified is LSM dependent. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface and hence change the security state of + the task identified are LSM dependent. + The format of the data used by this interface is LSM + dependent. + SELinux and AppArmor provide this interface. +Users: SELinux user-space + AppArmor user-space diff --git a/Documentation/ABI/testing/procfs-attr-prev b/Documentation/ABI/testing/procfs-attr-prev new file mode 100644 index 000000000000..f990b3595839 --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-prev @@ -0,0 +1,19 @@ +What: /proc/*/attr/prev +Contact: linux-security-module@xxxxxxxxxxxxxxx, + selinux@xxxxxxxxxxxxxxx, + apparmor@xxxxxxxxxxxxxxxx +Description: The security information used on the process by + a Linux security module (LSM) active on the system + prior to the most recent exec() call. + The details of permissions required to read from + this interface is LSM dependent. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface are LSM dependent. + The format of the data used by this interface is LSM + dependent. + SELinux and AppArmor provide this interface. +Users: SELinux user-space + AppArmor user-space +
