On Fri, Dec 14, 2012 at 9:26 AM, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
> Are you worrying about breakage that taskattr runs as a child process until
> taskattr utility is implemented as a shell's built-in function like echo?
> Then, we can have migration period.
>
> I don't see much difference because scripts programmers have to convert their
> scripts anyway...

Please no. We already have that utility, it's called 'cat' and 'echo' and everyone already knows them and has them installed. If you want to interact with a C program, it's super easy to write a library function that deals with a file interface.

Maybe it's a poor argument, but a file interface is the unix way to do things. It's just what people expect. Forcing some new utility on them only makes it harder.

You might be able to implement a prctl interface for your LSM, if you really think there is some value, but I doubt it. I'd expect others to want you to either use netlink or ioctl rather than prctl.

In any case, I support /proc/pid/attr/[LSM]/[LSM_FILES]

> Kees Cook wrote:
>> Like Eric, I prefer directories. It complicates things slightly
>> because then LSMs can't be named "current", etc...
>
> LSMs can't be named ".", "..", "/" etc...

I think these restrictions sound most reasonable.
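
The kind of library function the message above refers to, sketched for the proposed /proc/pid/attr/[LSM]/[LSM_FILES] layout together with the naming restrictions discussed in the thread. This is an added example, not part of the original message or of any kernel or LSM code; the function names and the `root` parameter (normally "/proc") are hypothetical.

```c
/* Added example; helper names are hypothetical, "root" stands in for /proc. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Flat files already in /proc/<pid>/attr that an LSM directory would shadow. */
static const char *const reserved[] = {
    "current", "prev", "exec", "fscreate", "keycreate", "sockcreate", NULL };
/* 1 if s is a plain path component: non-empty, not "." or "..", no '/'. */
static int component_ok(const char *s)
{
    return s && *s && strcmp(s, ".") && strcmp(s, "..") && !strchr(s, '/');
}

/* 1 if name can be an LSM directory name under attr/. */
int lsm_name_ok(const char *name)
{
    for (size_t i = 0; name && reserved[i]; i++)
        if (!strcmp(name, reserved[i]))
            return 0;
    return component_ok(name);
}

/* Build root/<pid>/attr/<lsm>/<file>; 0 on success, -1 on bad input. */
int lsm_attr_path(char *buf, size_t len, const char *root, pid_t pid,
                  const char *lsm, const char *file)
{
    if (!lsm_name_ok(lsm) || !component_ok(file))
        return -1;
    int n = snprintf(buf, len, "%s/%ld/attr/%s/%s", root, (long)pid, lsm, file);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Read the attribute into out, NUL-terminated; returns length or -1. */
ssize_t lsm_attr_read(const char *root, pid_t pid, const char *lsm,
                      const char *file, char *out, size_t len)
{
    char path[4096];
    if (len == 0 || lsm_attr_path(path, sizeof path, root, pid, lsm, file))
        return -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, out, len - 1);
    close(fd);
    if (n >= 0)
        out[n] = '\0';
    return n;
}
```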