On Mon, Jul 29, 2019 at 12:22:37PM -0700, Casey Schaufler wrote: > On 7/29/2019 10:19 AM, Kees Cook wrote: > > On Fri, Jul 26, 2019 at 04:39:22PM -0700, Casey Schaufler wrote: > >> Add an entry /proc/.../attr/context which displays the full > >> process security "context" in compound format:' > >> lsm1\0value\0lsm2\0value\0... > >> This entry is not writable. > > As this is a new API, would it make sense to make this a bit more > > human readable (i.e. newlines not %NUL)? > > With the far reaching discussion about what format would be > acceptable in mind I went with Simon McVittie's suggestion. > Also note that AppArmor includes newline in attr/current, > and this way we can preserve the existing value. > It's compatible with /proc/.../cmdline and easily keesized: > > cat /proc/self/attr/context | tr '\0' '\n' Okay, cool. I suspected it must be the result of so many bike sheds but I couldn't quite find those memories. > > (And if not, please justify the > > reasoning in the commit log). > > Good idea. Thanks! It'll help my poor brain. :) -- Kees Cook
