On Wed, 2008-10-15 at 05:46 +1000, Russell Coker wrote:
> On Wednesday 15 October 2008 01:18, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> > /proc is a pseudo filesystem generated by the kernel and the security
> > contexts of /proc/pid nodes are identical to the security context of the
> > associated process. Thus, any process role can be found in /proc. But
> > processes cannot create files there.
>
> Except by calling fork().
>
> Sorry, I felt the need to be pedantic. ;)

Next you'll be arguing that processes can delete files in proc by calling exit()...

--
Stephen Smalley
National Security Agency
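The exchange above, as an added example that is not part of the original thread: a C program that forks a child, checks that its /proc/<pid> node exists and that the node's `security.selinux` label equals the child's own label in /proc/<pid>/attr/current, then lets the child exit and reaps it. The names `struct result`, `read_task_label`, `read_node_label` and `fork_and_observe` are hypothetical; it assumes Linux with /proc mounted, and reports `same_label` as -1 where no SELinux label is readable.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <sys/xattr.h>
#include <unistd.h>

struct result { int during, after, same_label; }; /* same_label -1: no SELinux label */
/* Process label (attr/current) and inode label (xattr); each returns 0 on success. */
static int read_task_label(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    size_t n = f ? fread(buf, 1, len - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    return n > 0 ? 0 : -1;
}
static int read_node_label(const char *path, char *buf, size_t len) {
    ssize_t n = getxattr(path, "security.selinux", buf, len - 1);
    buf[n > 0 ? n : 0] = '\0';
    return n > 0 ? 0 : -1;
}

/* fork() a child, inspect /proc/<pid>, let it exit(), reap it; 0 on success. */
static int fork_and_observe(struct result *r) {
    int fds[2];
    char c, dir[64], cur[80], node[256], task[256];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                  /* child: block until the parent closes the pipe */
        close(fds[1]);
        _exit(read(fds[0], &c, 1) < 0);
    }
    close(fds[0]);
    snprintf(dir, sizeof dir, "/proc/%ld", (long)pid);
    snprintf(cur, sizeof cur, "%s/attr/current", dir);
    r->during = access(dir, F_OK) == 0;   /* fork() "created" the node */
    int ok = !read_node_label(dir, node, sizeof node) &&
             !read_task_label(cur, task, sizeof task);
    r->same_label = ok ? strcmp(node, task) == 0 : -1;
    close(fds[1]);                   /* EOF on the pipe: the child calls _exit() */
    waitpid(pid, NULL, 0);           /* reaping the child removes /proc/<pid> */
    r->after = access(dir, F_OK) == 0;
    return 0;
}

int main(void) {
    struct result r;
    if (fork_and_observe(&r)) return 1;
    return printf("during=%d after=%d same_label=%d\n", r.during, r.after, r.same_label) < 0;
}
```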