On Fri, Jun 2, 2017 at 10:00 PM, Casey Schaufler <ca...@schaufler-ca.com> wrote:
> A 'user' attribute can be set by the file owner. A 'security' > attribute requires privilege. SELinux and Smack use 'security' > attributes to prevent users from mucking with them. You need > to create module hooks for manipulating them, That's nice and clear, I appreciate you explaining it to me. I'll have a go at updating my toy LSM to do that shortly. For reference I placed the patch here, but don't expect to submit it formally to lkmk as it was more an interesting learning experience: https://github.com/skx/linux/pull/1 (I did take the time to rename it from steve_lsm.c to whitelist_lsm.c though, lest I look too vain!) Steve -- https://steve.fi/
