Re: [PATCH v14 3/6] LSM: Explicit individual LSM associations

From: Paul Moore
Date: Thu Aug 01 2013 - 17:30:41 EST

On Thursday, August 01, 2013 11:52:14 AM Casey Schaufler wrote:
> On 8/1/2013 11:35 AM, Paul Moore wrote:
> > Okay, so if I understand everything correctly, there are no new entries in
> > /proc relating specifically to NetLabel, XFRM, or Secmark; although there
> > are new LSM specific entries for the general /proc entries that exist
> > now. Yes?
> That's correct.
> There is /sys/kernel/security/present, which tells you which LSM is going to
> show up in /proc/.../attr/current.
> Should we have /sys/kernel/security/XFRM, /sys/kernel/security/secmark,
> /sys/kernel/security/NetLabel and /sys/kernel/security/SO_PEERCRED?


While they might be helpful, I'm not 100% certain they are needed and further
I'm not sure they are the "right" solution at this point. Any thoughts, both
for and against, are welcome.

paul moore

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at