Re: [PATCH v10] LSM: Multiple concurrent LSMs

On 12/13/2012 9:13 AM, Kees Cook wrote:
> On Thu, Dec 13, 2012 at 8:31 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> On 12/13/2012 8:12 AM, Eric Paris wrote:
>>> On Thu, Dec 13, 2012 at 7:06 AM, Tetsuo Handa
>>> <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>>>> Casey Schaufler wrote:
>>>>>       /proc/.../attr/current
>>>>>       /proc/.../attr/selinux.current
>>>>>       /proc/.../attr/apparmor.current
>>>>>       /proc/.../attr/keycreate
>>>>>       /proc/.../attr/selinux.keycreate
>>>>>
>>>> Can we use the prctl() interface instead of /proc/$pid/attr/$lsmname.$type ?
>>>> I simply don't want to see a flood of entries when "find /proc/" runs. ;-)
>>>>
>>>> prctl() can tell the caller whether the specified LSM is enabled/present or not
>>>> via its return value.
>>> I don't much care for or understand Casey's reason for using selinux.*
>>> instead of selinux/*
>> I asked opinions and all I heard were crickets. It's an easy change.
>> Does anyone else have a preference?
> Like Eric, I prefer directories. It complicates things slightly
> because then LSMs can't be named "current", etc...

I have been digging at the code and "selinux.current" is a whole
lot simpler than "selinux/current". fs/proc/base.c is where to look
at the code. For now I'm sticking with my original plan. If someone
cares enough to suggest an implementation, I'm wide open to it.

