On Thursday, August 01, 2013 03:15:00 PM Casey Schaufler wrote: > On 8/1/2013 2:30 PM, Paul Moore wrote: > > On Thursday, August 01, 2013 11:52:14 AM Casey Schaufler wrote: > >> On 8/1/2013 11:35 AM, Paul Moore wrote: > >>> Okay, so if I understand everything correctly, there are no new entries > >>> in > >>> /proc relating specifically to NetLabel, XFRM, or Secmark; although > >>> there > >>> are new LSM specific entries for the general /proc entries that exist > >>> now. Yes? > >> > >> That's correct. > >> > >> There is /sys/kernel/security/present, which tells you which LSM is going > >> to show up in /proc/.../attr/current. > >> > >> Should we have /sys/kernel/security/XFRM, /sys/kernel/security/secmark, > >> /sys/kernel/security/NetLabel and /sys/kernel/security/SO_PEERCRED? > > > > Maybe. > > > > While they might be helpful, I'm not 100% certain they are needed and > > further I'm not sure they are the "right" solution at this point. Any > > thoughts, both for and against, are welcome. > > What might be a more correct solution? Assuming, of course, that there's > a real problem.
Well, like I said, I'm not sure they are needed in the first place, in other words, I'm not sure there is a problem. As for the correct solution, I think we need to understand the problem, if there is one, before we can understand the solution. How is that for an answer? :) In short, I think we are best leaving them out until something comes along which requires that we add the /proc entries. -- paul moore www.paul-moore.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
