forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: ABI: ABI documentation for procfs attribute files used by multi…
…ple LSMs Provide basic ABI descriptions for the process attribute entries that are shared between multiple Linux security modules. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Link: https://lore.kernel.org/r/30c36660-3694-0c0d-d472-8f3b3ca4098e@schaufler-ca.com Signed-off-by: Jonathan Corbet <corbet@lwn.net>
- Loading branch information
1 parent
7d71788
commit bfe7bf3
Showing
3 changed files
with
59 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| What: /proc/*/attr/current | ||
| Contact: linux-security-module@vger.kernel.org, | ||
| selinux@vger.kernel.org, | ||
| apparmor@lists.ubuntu.com | ||
| Description: The current security information used by a Linux | ||
| security module (LSM) that is active on the system. | ||
| The details of permissions required to read from | ||
| this interface and hence obtain the security state | ||
| of the task identified is LSM dependent. | ||
| A process cannot write to this interface unless it | ||
| refers to itself. | ||
| The other details of permissions required to write to | ||
| this interface and hence change the security state of | ||
| the task identified are LSM dependent. | ||
| The format of the data used by this interface is LSM | ||
| dependent. | ||
| SELinux, Smack and AppArmor provide this interface. | ||
| Users: SELinux user-space | ||
| Smack user-space | ||
| AppArmor user-space |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| What: /proc/*/attr/exec | ||
| Contact: linux-security-module@vger.kernel.org, | ||
| selinux@vger.kernel.org, | ||
| apparmor@lists.ubuntu.com | ||
| Description: The security information to be used on the process | ||
| by a Linux security module (LSM) active on the system | ||
| after a subsequent exec() call. | ||
| The details of permissions required to read from | ||
| this interface and hence obtain the security state | ||
| of the task identified is LSM dependent. | ||
| A process cannot write to this interface unless it | ||
| refers to itself. | ||
| The other details of permissions required to write to | ||
| this interface and hence change the security state of | ||
| the task identified are LSM dependent. | ||
| The format of the data used by this interface is LSM | ||
| dependent. | ||
| SELinux and AppArmor provide this interface. | ||
| Users: SELinux user-space | ||
| AppArmor user-space |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| What: /proc/*/attr/prev | ||
| Contact: linux-security-module@vger.kernel.org, | ||
| selinux@vger.kernel.org, | ||
| apparmor@lists.ubuntu.com | ||
| Description: The security information used on the process by | ||
| a Linux security module (LSM) active on the system | ||
| prior to the most recent exec() call. | ||
| The details of permissions required to read from | ||
| this interface is LSM dependent. | ||
| A process cannot write to this interface unless it | ||
| refers to itself. | ||
| The other details of permissions required to write to | ||
| this interface are LSM dependent. | ||
| The format of the data used by this interface is LSM | ||
| dependent. | ||
| SELinux and AppArmor provide this interface. | ||
| Users: SELinux user-space | ||
| AppArmor user-space | ||
|
|