On Thursday, August 01, 2013 03:15:00 PM Casey Schaufler wrote:
> On 8/1/2013 2:30 PM, Paul Moore wrote:
> > On Thursday, August 01, 2013 11:52:14 AM Casey Schaufler wrote:
> >> On 8/1/2013 11:35 AM, Paul Moore wrote:
> >>> Okay, so if I understand everything correctly, there are no new entries
> >>> in /proc relating specifically to NetLabel, XFRM, or Secmark; although
> >>> there are new LSM specific entries for the general /proc entries that
> >>> exist now. Yes?
> >>
> >> That's correct.
> >>
> >> There is /sys/kernel/security/present, which tells you which LSM is going
> >> to show up in /proc/.../attr/current.
> >>
> >> Should we have /sys/kernel/security/XFRM, /sys/kernel/security/secmark,
> >> /sys/kernel/security/NetLabel and /sys/kernel/security/SO_PEERCRED?
> >
> > Maybe.
> >
> > While they might be helpful, I'm not 100% certain they are needed and
> > further I'm not sure they are the "right" solution at this point. Any
> > thoughts, both for and against, are welcome.
>
> What might be a more correct solution? Assuming, of course, that there's
> a real problem.

Well, like I said, I'm not sure they are needed in the first place, in other words, I'm not sure there is a problem. As for the correct solution, I think we need to understand the problem, if there is one, before we can understand the solution.

How is that for an answer? :)

In short, I think we are best leaving them out until something comes along which requires that we add the /proc entries.

--
paul moore
www.paul-moore.com