On 7/27/20 1:36 PM, James Morris wrote:
> On Fri, 24 Jul 2020, Casey Schaufler wrote:
>
>> Create a new entry "display" in the procfs attr directory for
>> controlling which LSM security information is displayed for a
>> process. A process can only read or write its own display value.
>>
>> The name of an active LSM that supplies hooks for
>> human readable data may be written to "display" to set the
>> value. The name of the LSM currently in use can be read from
>> "display". At this point there can only be one LSM capable
>> of display active. A helper function lsm_task_display() is
>> provided to get the display slot for a task_struct.
>>
>> Setting the "display" requires that all security modules using
>> setprocattr hooks allow the action. Each security module is
>> responsible for defining its policy.
>>
>> AppArmor hook provided by John Johansen <[email protected]>
>> SELinux hook provided by Stephen Smalley <[email protected]>
>>
>> Reviewed-by: Kees Cook <[email protected]>
>> Acked-by: Stephen Smalley <[email protected]>
>> Acked-by: Paul Moore <[email protected]>
>> Signed-off-by: Casey Schaufler <[email protected]>
>
> jj: do you have any review/feedback on this?
>

yeah, I am working my way through it today

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
