On Thursday, August 01, 2013 11:52:14 AM Casey Schaufler wrote: > On 8/1/2013 11:35 AM, Paul Moore wrote: > > Okay, so if I understand everything correctly, there are no new entries in > > /proc relating specifically to NetLabel, XFRM, or Secmark; although there > > are new LSM specific entries for the general /proc entries that exist > > now. Yes? > > That's correct. > > There is /sys/kernel/security/present, which tells you which LSM is going to > show up in /proc/.../attr/current. > > Should we have /sys/kernel/security/XFRM, /sys/kernel/security/secmark, > /sys/kernel/security/NetLabel and /sys/kernel/security/SO_PEERCRED? Maybe. While they might be helpful, I'm not 100% certain they are needed and further I'm not sure they are the "right" solution at this point. Any thoughts, both for and against, are welcome. -- paul moore www.paul-moore.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
