On 12/13/2012 8:12 AM, Eric Paris wrote: > On Thu, Dec 13, 2012 at 7:06 AM, Tetsuo Handa > <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: >> Casey Schaufler wrote: >>> /proc/.../attr/current >>> /proc/.../attr/selinux.current >>> /proc/.../attr/apparmor.current >>> /proc/.../attr/keycreate >>> /proc/.../attr/selinux.keycreate >>> >> Can we use prctl() interface instead of /proc/$pid/attr/$lsmname.$type ? >> I simply don't want to see flood of entries when "find /proc/" runs. ;-) >> >> prctl() can tell the caller whether specified LSM is enabled/presented or not >> via its return value. > I don't much care for or understand Casey's reason for using selinux.* > instead of selinux/* I asked opinions and all I heard were crickets. It's an easy change. Does anyone else have a preference? > but at least it means we can interact with these > interfaces in a shell. prctl() means you can't use tools like cat or > echo. Everything has to be a utility. That just does not seem as > nice for admins. Most programming is being done in scripting languages these days. Eric is correct. It is much more sensible to burden the C programmer than the HTML5 programmer. For many, many reasons. > In my opinion you want to do things pragmatically, use a library, and > if you want to do things as a human, use the tools that already exist. > > -Eric > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
