On 8/1/2013 2:30 PM, Paul Moore wrote: > On Thursday, August 01, 2013 11:52:14 AM Casey Schaufler wrote: >> On 8/1/2013 11:35 AM, Paul Moore wrote: >>> Okay, so if I understand everything correctly, there are no new entries in >>> /proc relating specifically to NetLabel, XFRM, or Secmark; although there >>> are new LSM specific entries for the general /proc entries that exist >>> now. Yes? >> That's correct. >> >> There is /sys/kernel/security/present, which tells you which LSM is going to >> show up in /proc/.../attr/current. >> >> Should we have /sys/kernel/security/XFRM, /sys/kernel/security/secmark, >> /sys/kernel/security/NetLabel and /sys/kernel/security/SO_PEERCRED? > Maybe. > > While they might be helpful, I'm not 100% certain they are needed and further > I'm not sure they are the "right" solution at this point. Any thoughts, both > for and against, are welcome. > What might be a more correct solution? Assuming, of course, that there's a real problem. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
