    procfs: add smack subdir to attrs · 6d9c939d
    Casey Schaufler authored
    Back in 2007 I made what turned out to be a rather serious
    mistake in the implementation of the Smack security module.
    The SELinux module used an interface in /proc to manipulate
    the security context on processes. Rather than use a similar
    interface, I used the same interface. The AppArmor team did
    likewise. Now /proc/.../attr/current will tell you the
    security "context" of the process, but it will be different
    depending on the security module you're using.
    
    This patch provides a subdirectory in /proc/.../attr for
    Smack. Smack user space can use the "current" file in
    this subdirectory and never have to worry about getting
    SELinux attributes by mistake. Programs that use the
    old interface will continue to work (or fail, as the case
    may be) as before.
    
    The proposed S.A.R.A security module is dependent on
    the mechanism to create its own attr subdirectory.
    
    The original implementation is by Kees Cook.
    Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
    Reviewed-by: Kees Cook <keescook@chromium.org>
    Signed-off-by: Kees Cook <keescook@chromium.org>
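
The lookup the commit message describes, as an added example that is not part of the commit or the kernel tree: a user-space reader tries `attr/smack/current` first and marks a value taken from the shared `attr/current` as ambiguous, since that file may hold another module's context. The names `task_label`, `read_attr`, the `LABEL_*` codes and the `proc_root` parameter are assumptions made for illustration.

```c
/* Added example, not from the commit: find a task's Smack label. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes: which procfs file supplied the value. */
enum { LABEL_NONE, LABEL_SMACK, LABEL_LEGACY };

/* Read one attr file into buf; return its length, or -1 on any error. */
static long read_attr(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;               /* file absent, e.g. no such subdirectory */
    size_t n = fread(buf, 1, len - 1, f);
    int failed = ferror(f);      /* a failed read counts as "no label" */
    fclose(f);
    if (failed)
        return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';  /* cut at the first newline, if any */
    return (long)strlen(buf);
}

/* proc_root is a parameter so the lookup can run against a test tree. */
int task_label(const char *proc_root, const char *pid, char *buf, size_t len)
{
    char path[4096];

    snprintf(path, sizeof(path), "%s/%s/attr/smack/current", proc_root, pid);
    if (read_attr(path, buf, len) > 0)
        return LABEL_SMACK;      /* Smack's own subdirectory: unambiguous */
    snprintf(path, sizeof(path), "%s/%s/attr/current", proc_root, pid);
    if (read_attr(path, buf, len) > 0)
        return LABEL_LEGACY;     /* SELinux, AppArmor or Smack: ambiguous */
    buf[0] = '\0';
    return LABEL_NONE;
}

int main(void)
{
    static const char *src[] = { "none", "attr/smack/current", "attr/current" };
    char label[256];
    int where = task_label("/proc", "self", label, sizeof(label));

    printf("label=\"%s\" source=%s\n", label, src[where]);
    return where == LABEL_SMACK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

A caller that makes policy decisions should treat `LABEL_LEGACY` as untyped data and not parse it as a Smack label.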
internal.h 8.84 KB