Re: [1/1][PATCH] nproc v2: netlink access to /proc information

From: Roger Luethi
Date: Thu Sep 09 2004 - 14:03:46 EST


On Thu, 09 Sep 2004 10:22:00 -0700, William Lee Irwin III wrote:
> On Thu, Sep 09, 2004 at 07:53:31AM -0400, Stephen Smalley wrote:
> > They aren't world readable when using a security module like SELinux;
> > they are then typically only accessible by processes in the same
> > security domain, aside from processes in privileged domains.
> > security_task_to_inode() hook sets the security attributes on the
> > /proc/pid inodes based on their security context, and then
> > security_inode_permission() hook controls access to them. So you need
> > at least comparable controls.
>
> Can you make a more specific suggestion regarding the controls to use?
> It's a bit awkward for those highly unfamiliar with the subsystem to

For the same reason, I'm not comfortable with implementing SELinux-type
access controls myself. How about:

config NPROC
	depends on !SECURITY_SELINUX

Adding access control later won't be a problem for anyone who groks
SELinux.

Roger