On Fri, 24 Jul 2020, Casey Schaufler wrote: > Create a new entry "display" in the procfs attr directory for > controlling which LSM security information is displayed for a > process. A process can only read or write its own display value. > > The name of an active LSM that supplies hooks for > human readable data may be written to "display" to set the > value. The name of the LSM currently in use can be read from > "display". At this point there can only be one LSM capable > of display active. A helper function lsm_task_display() is > provided to get the display slot for a task_struct. > > Setting the "display" requires that all security modules using > setprocattr hooks allow the action. Each security module is > responsible for defining its policy. > > AppArmor hook provided by John Johansen <[email protected]> > SELinux hook provided by Stephen Smalley <[email protected]> > > Reviewed-by: Kees Cook <[email protected]> > Acked-by: Stephen Smalley <[email protected]> > Acked-by: Paul Moore <[email protected]> > Signed-off-by: Casey Schaufler <[email protected]>
jj: do you have any review/feedback on this? -- James Morris <[email protected]> -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
