On Tue, Sep 11, 2018 at 09:41:32AM -0700, Casey Schaufler wrote:
> Back in 2007 I made what turned out to be a rather serious
> mistake in the implementation of the Smack security module.
> The SELinux module used an interface in /proc to manipulate
> the security context on processes. Rather than use a similar
> interface, I used the same interface. The AppArmor team did
> likewise. Now /proc/.../attr/current will tell you the
> security "context" of the process, but it will be different
> depending on the security module you're using.
>
> This patch provides a subdirectory in /proc/.../attr for
> Smack. Smack user space can use the "current" file in
> this subdirectory and never have to worry about getting
> SELinux attributes by mistake. Programs that use the
> old interface will continue to work (or fail, as the case
> may be) as before.
>

Did downstream distributions already merge the stacking patches on their
own? Got a little bit confused after reading the log above; I already see
this in Ubuntu 18.04.1 LTS, v4.15.0-33-generic:

$ tree /proc/self/attr/
/proc/self/attr/
├── apparmor
│   ├── current
│   ├── exec
│   └── prev
├── current
├── display_lsm
├── exec
├── fscreate
├── keycreate
├── prev
├── selinux
│   ├── current
│   ├── exec
│   ├── fscreate
│   ├── keycreate
│   ├── prev
│   └── sockcreate
├── smack
│   └── current
└── sockcreate

Thanks,

--
Darwi
http://darwish.chasingpointers.com
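The per-module lookup described in the quoted patch text, as an added example that is not part of the original thread or of the kernel patch: it reads attr/<lsm>/current when that subdirectory exists and otherwise falls back to the shared attr/current, flagging the value as possibly belonging to another module. The function names and the proc_root parameter are assumptions of this example.

```python
import os

def read_attr(path):
    """Return the file's value, or None if absent, unreadable or empty."""
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except OSError:
        # Missing file, or the kernel rejected the read for this module.
        return None
    # Defensive: strip a trailing NUL or newline if the module emits one.
    return raw.rstrip(b"\0\n").decode("utf-8", "replace") or None

def lsm_context(lsm, pid="self", proc_root="/proc"):
    """Return (value, unambiguous) for module `lsm` of process `pid`.

    unambiguous is True when attr/<lsm>/ exists, so the value can only
    come from that module. It is False when only the shared attr/current
    is available and the value may belong to a different module.
    """
    if not lsm.isalnum():
        raise ValueError("module name must be a plain directory name")
    attr = os.path.join(proc_root, str(pid), "attr")
    if os.path.isdir(os.path.join(attr, lsm)):
        return read_attr(os.path.join(attr, lsm, "current")), True
    return read_attr(os.path.join(attr, "current")), False

if __name__ == "__main__":
    # Assumption: run on a Linux host; output depends on the kernel in use.
    for name in ("selinux", "smack", "apparmor"):
        value, sure = lsm_context(name)
        print(f"{name:9} {value!r} ({'per-module' if sure else 'shared file'})")
```

A per-module directory can exist while its module is inactive, so a result of (None, True) means "this module reported no context", not that the process is unlabelled by every module.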