From: Casey Schaufler <casey@schaufler-ca.com>
To: Joshua Brindle <method@manicmethod.com>, casey@schaufler-ca.com
Cc: akpm@osdl.org, torvalds@osdl.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, paul.moore@hp.com
Subject: Re: [PATCH] NetLabel: Introduce a new kernel configuration API for NetLabel - For 2.6.24-rc-git11 - Smack Version 10
Date: Tue, 6 Nov 2007 19:10:21 -0800 (PST)
Message-ID: <570441.41117.qm@web36609.mail.mud.yahoo.com>
In-Reply-To: <473119E6.7070904@manicmethod.com>

--- Joshua Brindle <method@manicmethod.com> wrote:
> Joshua Brindle wrote:
> > Casey Schaufler wrote:
> >> From: Paul Moore <paul.moore@hp.com>
> >>
> >> Add a new set of configuration functions to the NetLabel/LSM API so that
> >> LSMs can perform their own configuration of the NetLabel subsystem
> >> without
> >> relying on assistance from userspace.
> >>
> > I'm still not receiving the actual patch email on lsm (perhaps it's too
> > long and should be split up..) so I'll just respond on this email.
> > Using the v10 patches on your website I'm still seeing strange
> > behavior where echo foo > /proc/self/attr/current changes the label of
> > every process on the system to foo (verified with both ps -AZ and cat
> > /proc/1/attr/current).
> >
> Actually I'm getting more strange behavior:
>
> On terminal 1 I do:
> echo foo > /proc/self/attr/current
> then ps -AZ shows foo for every process
> touch somefile; attr -S -g SMACK64 somefile says foo
>
> On terminal 2 I do:
> ps -AZ and everything shows up as _
> cat /proc/$pid of bash on term 1/attr/current is _

Now this I can explain. Every task has its own correct
label. The problem is a missing smack_getprocattr() hook.
ps is getting the value for "current" on the current process,
not that of the named process. Interestingly, the Smack label
of /proc/<xxx>/attr/current is correct.

So the fix is to put in the smack_getprocattr() hook.
Easily accomplished. Thank you for the informative and
helpful report.

Casey Schaufler
casey@schaufler-ca.com
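
Added example (not part of the original message and not Smack kernel code): a user-space C model of the behaviour described in the reply, where a read of /proc/<pid>/attr/current reports the reader's own label instead of the named task's. The struct, the function names, the pids and the task table are constructed for illustration.

```c
/* User-space model only; every name below is hypothetical, not kernel API. */
#include <stdio.h>
#include <string.h>

struct task { int pid; const char *label; };

/* Constructed state: task 100 stands for terminal 1, labelled "foo" after
 * the echo into /proc/self/attr/current; tasks 1 and 200 are still "_". */
static struct task tasks[] = {
    { 1, "_" }, { 100, "foo" }, { 200, "_" },
};
#define NTASKS (sizeof(tasks) / sizeof(tasks[0]))

static const struct task *find_task(int pid)
{
    for (size_t i = 0; i < NTASKS; i++)
        if (tasks[i].pid == pid)
            return &tasks[i];
    return NULL;
}

/* Reported behaviour: the read returns the label of the process doing the
 * read ("current"), whichever pid was named in the path. */
static const char *read_attr_current_buggy(int reader_pid, int target_pid)
{
    const struct task *reader = find_task(reader_pid);
    (void)target_pid;
    return reader ? reader->label : NULL;
}

/* Intended behaviour: the read returns the label of the named task. */
static const char *read_attr_current_fixed(int reader_pid, int target_pid)
{
    const struct task *target = find_task(target_pid);
    (void)reader_pid;
    return target ? target->label : NULL;
}

int main(void)
{
    for (size_t i = 0; i < NTASKS; i++) {
        int p = tasks[i].pid;
        printf("pid %-3d term1 sees %-3s term2 sees %-3s actual %s\n", p,
               read_attr_current_buggy(100, p), read_attr_current_buggy(200, p),
               read_attr_current_fixed(100, p));
    }
    return 0;
}
```

In the model, terminal 1 sees "foo" for every pid and terminal 2 sees "_" for every pid, matching the two ps -AZ observations quoted above, while the per-task labels themselves never changed.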