Re: [PATCH v2 0/7] Smack namespace

From: Lukasz Pawelczyk
Date: Wed May 27 2015 - 05:36:26 EST


On Tue, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> > --- Usage ---
> >
> > Smack namespace is written using LSM hooks inside user namespace. That
> > means it's connected to it.
> >
> > To create a new Smack namespace you need to unshare() user namespace
> > as usual. If that is all you do though, then there is no difference to
> > what is now. To activate the Smack namespace you need to fill the
> > labels' map. It is in a file /proc/$PID/smack_map.
>
> This should be /proc/$PID/attr/label_map or similar, modeled after the
> existing /proc/$PID/attr/current and similar nodes. Then it isn't
> module-specific and can be reused for other modules.

To make this generic I'll have to introduce new LSM hooks to handle this
file (much like /proc/$PID/attr/current).
I take it this is what you had in mind.


--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics


