Message-id: <1432719372.1784.4.camel@samsung.com>
Subject: Re: [PATCH v2 0/7] Smack namespace
From: Lukasz Pawelczyk
To: Stephen Smalley
Cc: "David S. Miller", "Eric W. Biederman", "Kirill A. Shutemov",
 "Serge E. Hallyn", Al Viro, Alexey Dobriyan, Andrew Morton,
 Andy Lutomirski, Casey Schaufler, David Howells, Fabian Frederick,
 Greg KH, James Morris, Jeff Layton, Jingoo Han, Joe Perches,
 John Johansen, Jonathan Corbet, Kees Cook, Mauro Carvalho Chehab,
 Miklos Szeredi, Oleg Nesterov, Paul Moore, Tetsuo Handa, Zefan Li,
 Rafal Krypa, linux-doc@vger.kernel.org, linux-api@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
 containers@lists.linux-foundation.org, Lukasz Pawelczyk
Date: Wed, 27 May 2015 11:36:12 +0200
In-reply-to: <556484BD.2060004@tycho.nsa.gov>
References: <1432209222-8479-1-git-send-email-l.pawelczyk@samsung.com>
 <1432557162-19123-1-git-send-email-l.pawelczyk@samsung.com>
 <556484BD.2060004@tycho.nsa.gov>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> > --- Usage ---
> >
> > Smack namespace is written using LSM hooks inside user namespace. That
> > means it's connected to it.
> >
> > To create a new Smack namespace you need to unshare() user namespace
> > as usual. If that is all you do though, then there is no difference to
> > what is now. To activate the Smack namespace you need to fill the
> > labels' map. It is in a file /proc/$PID/smack_map.
>
> This should be /proc/$PID/attr/label_map or similar, modeled after the
> existing /proc/$PID/attr/current and similar nodes. Then it isn't
> module-specific and can be reused for other modules.

To make this generic I'll have to introduce new LSM hooks to handle this
file (much like /proc/$PID/attr/current). I take it this is what you had
in mind.

--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics