On Thu, Dec 13, 2012 at 7:06 AM, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > Casey Schaufler wrote: >> /proc/.../attr/current >> /proc/.../attr/selinux.current >> /proc/.../attr/apparmor.current >> /proc/.../attr/keycreate >> /proc/.../attr/selinux.keycreate >> > Can we use prctl() interface instead of /proc/$pid/attr/$lsmname.$type ? > I simply don't want to see flood of entries when "find /proc/" runs. ;-) > > prctl() can tell the caller whether specified LSM is enabled/presented or not > via its return value. I don't much care for or understand Casey's reason for using selinux.* instead of selinux/* but at least it means we can interact with these interfaces in a shell. prctl() means you can't use tools like cat or echo. Everything has to be a utility. That just does not seem as nice for admins. In my opinion you want to do things pragmatically, use a library, and if you want to do things as a human, use the tools that already exist. -Eric -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
