Re: [1/1][PATCH] nproc v2: netlink access to /proc information

[Chris Wright]

* Roger Luethi (rl@xxxxxxxxxxx) wrote:
> On Thu, 09 Sep 2004 10:22:00 -0700, William Lee Irwin III wrote:
> > On Thu, Sep 09, 2004 at 07:53:31AM -0400, Stephen Smalley wrote:
> > > They aren't world readable when using a security module like SELinux;
> > > they are then typically only accessible by processes in the same
> > > security domain, aside from processes in privileged domains. 
> > > security_task_to_inode() hook sets the security attributes on the
> > > /proc/pid inodes based on their security context, and then
> > > security_inode_permission() hook controls access to them.  So you need
> > > at least comparable controls.
> > 
> > Can you make a more specific suggestion regarding the controls to use?
> > It's a bit awkward for those highly unfamiliar with the subsystem to
> 
> For the same reason, I'm not comfortable with implementing SELinux type
> access controls myself. How about:
> 
> config NPROC
> 	depends on !SECURITY_SELINUX
> 
It's not just SELinux, it's any security module (i.e. CONFIG_SECURITY for
starters).

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/