[PATCH 01/10] procfs: add smack subdir to attrs

[PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
[PATCH 06/10] LSM: Infrastructure management of the file security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 06/10] LSM: Infrastructure management of the file security blob · Kees Cook <hidden> · 2018-09-13
[PATCH 07/10] SELinux: Abstract use of inode security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 07/10] SELinux: Abstract use of inode security blob · Kees Cook <hidden> · 2018-09-13
[PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-13
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Paul Moore <paul@paul-moore.com> · 2018-09-13
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-13
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Paul Moore <paul@paul-moore.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Paul Moore <paul@paul-moore.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · John Johansen <john.johansen@canonical.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-15
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-15
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · James Morris <jmorris@namei.org> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · John Johansen <john.johansen@canonical.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Kees Cook <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Paul Moore <paul@paul-moore.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Jordan Glover <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Paul Moore <paul@paul-moore.com> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Jordan Glover <hidden> · 2018-09-14
Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-14
[PATCH 01/10] procfs: add smack subdir to attrs · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 01/10] procfs: add smack subdir to attrs · Ahmed S. Darwish <hidden> · 2018-09-11
Re: [PATCH 01/10] procfs: add smack subdir to attrs · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-12
Re: [PATCH 01/10] procfs: add smack subdir to attrs · Kees Cook <hidden> · 2018-09-13
[PATCH 02/10] Smack: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 02/10] Smack: Abstract use of cred security blob · Kees Cook <hidden> · 2018-09-13
[PATCH 03/10] SELinux: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 03/10] SELinux: Abstract use of cred security blob · Kees Cook <hidden> · 2018-09-13
[PATCH 04/10] LSM: Infrastructure management of the cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 04/10] LSM: Infrastructure management of the cred security blob · Kees Cook <hidden> · 2018-09-13
Re: [PATCH 04/10] LSM: Infrastructure management of the cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-14
Re: [PATCH 04/10] LSM: Infrastructure management of the cred security blob · Kees Cook <hidden> · 2018-09-14
[PATCH 05/10] SELinux: Abstract use of file security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 05/10] SELinux: Abstract use of file security blob · Kees Cook <hidden> · 2018-09-13
[PATCH 08/10] Smack: Abstract use of inode security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 08/10] Smack: Abstract use of inode security blob · Kees Cook <hidden> · 2018-09-13
[PATCH 09/10] LSM: Infrastructure management of the inode security · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-11
Re: [PATCH 09/10] LSM: Infrastructure management of the inode security · Kees Cook <hidden> · 2018-09-13
Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock · James Morris <jmorris@namei.org> · 2018-09-12
Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock · James Morris <jmorris@namei.org> · 2018-09-13
Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock · Salvatore Mesoraca <hidden> · 2018-09-16
Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-16
Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock · Salvatore Mesoraca <hidden> · 2018-09-16

From: Ahmed S. Darwish <hidden>
Date: 2018-09-11 23:45:45
Also in: lkml, selinux

On Tue, Sep 11, 2018 at 09:41:32AM -0700, Casey Schaufler wrote:

Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an interface in /proc to manipulate
the security context on processes. Rather than use a similar
interface, I used the same interface. The AppArmor team did
likewise. Now /proc/.../attr/current will tell you the
security "context" of the process, but it will be different
depending on the security module you're using.

This patch provides a subdirectory in /proc/.../attr for
Smack. Smack user space can use the "current" file in
this subdirectory and never have to worry about getting
SELinux attributes by mistake. Programs that use the
old interface will continue to work (or fail, as the case
may be) as before.

Did downstream distributions already merge the stacking patches on
their own?

Got a little-bit confused after reading the log above; I already see
this in in Ubuntu 18.04.1 LTS, v4.15.0-33-generic:

    $ tree /proc/self/attr/
    /proc/self/attr/
    ??? apparmor
    ??? ??? current
    ??? ??? exec
    ??? ??? prev
    ??? current
    ??? display_lsm
    ??? exec
    ??? fscreate
    ??? keycreate
    ??? prev
    ??? selinux
    ??? ??? current
    ??? ??? exec
    ??? ??? fscreate
    ??? ??? keycreate
    ??? ??? prev
    ??? ??? sockcreate
    ??? smack
    ??? ??? current
    ??? sockcreate

Thanks,

--
Darwi
http://darwish.chasingpointers.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help