On 6/1/2017 4:38 PM, James Morris wrote: > On Thu, 1 Jun 2017, Casey Schaufler wrote: > >> Subject: [PATCH] procfs: add smack subdir to attrs > Is there value in this without major stacking support?
Yes. If a Smack aware application reads /proc/self/attr/current it has no way to know if what it sees is a Smack label or an SELinux context. True, the application can look elsewhere (i.e. /sys/kernel/security/lsm) to find out which is enabled. But the real fix is for Smack to use a different interface than SELinux. Which is what this does. True, it will be even more important when/if major stacking comes in, but it is still significant now, and I would like to have it regardless of the future acceptance of major stacking.
