On 10/29/2019 7:44 AM, Simon McVittie wrote:
> On Thu, 24 Oct 2019 at 13:52:16 -0700, Casey Schaufler wrote:
>> Create a new entry "display" in /proc/.../attr for controlling
>> which LSM security information is displayed for a process.
> It still isn't immediately obvious to me from the commit message whether
> the "..." stands for the pid of the process that will read LSM information,
> or the pid of the process whose LSM information will be read.

For all practical purposes "..." will be "self". You can read the
attr/display of another process, but I don't know where that would be
useful. You can't write to the attr/display of a different process.

> I believe the intended meaning was the former? So perhaps
>
> Create a new entry "display" in /proc/$reader/attr that controls
> which LSM security information will be displayed when the process
> $reader reads LSM information.
>
> (Note that when $reader reads /proc/$subject/attr/current for
> $reader != $subject, it is /proc/$reader/attr/display that controls
> what is displayed there, not /proc/$subject/attr/display.)
>
> The commit that introduces /proc/.../attr/context could probably
> benefit from similar treatment - maybe it could be referred to as
> /proc/$subject/attr/context?

Thanks. I'll work on making it clearer.

> smcv