Subject: Re: [PATCH] procfs: add smack subdir to attrs
To: James Morris
Cc: LKLM, LSM
From: Casey Schaufler
Message-ID: <76f4dd96-76ca-a7ec-313a-b8ab72b0181f@schaufler-ca.com>
Date: Thu, 1 Jun 2017 16:59:24 -0700

On 6/1/2017 4:38 PM, James Morris wrote:
> On Thu, 1 Jun 2017, Casey Schaufler wrote:
>
>> Subject: [PATCH] procfs: add smack subdir to attrs
> Is there value in this without major stacking support?

Yes.
If a Smack aware application reads /proc/self/attr/current it has no way to know if what it sees is a Smack label or an SELinux context. True, the application can look elsewhere (i.e. /sys/kernel/security/lsm) to find out which is enabled. But the real fix is for Smack to use a different interface than SELinux. Which is what this does. True, it will be even more important when/if major stacking comes in, but it is still significant now, and I would like to have it regardless of the future acceptance of major stacking.
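
The ambiguity described in the message above, seen from the application side, as an added example that is not part of the original mail or of the patch. It assumes the new subdirectory appears as /proc/self/attr/smack/current (inferred from the patch subject) and that, without major stacking, at most one of smack and selinux is listed in /sys/kernel/security/lsm.

```c
#include <stdio.h>
#include <string.h>

enum attr_owner { OWNER_NONE, OWNER_SMACK, OWNER_SELINUX, OWNER_AMBIGUOUS };

/* Who formats attr/current, from the LSM list; tokens are matched whole. */
enum attr_owner attr_current_owner(const char *p)
{
    int smack = 0, selinux = 0;
    for (size_t n = 0; *p; p += n + (p[n] != '\0')) {  /* skip each separator */
        n = strcspn(p, ",\n");
        smack   |= (n == 5 && strncmp(p, "smack", n) == 0);
        selinux |= (n == 7 && strncmp(p, "selinux", n) == 0);
    }
    return smack && selinux ? OWNER_AMBIGUOUS    /* both listed: refuse to guess */
         : smack ? OWNER_SMACK : selinux ? OWNER_SELINUX : OWNER_NONE;
}

/* Read the first line of a file; 0 on success, -1 on any failure. */
static int read_line(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    int ok = f && fgets(buf, (int)len, f) != NULL;
    if (f)
        fclose(f);
    buf[ok ? strcspn(buf, "\n") : 0] = '\0';     /* empty string on failure */
    return ok ? 0 : -1;
}

/* Caller's Smack label, or -1. smack_attr: Smack-only file (assumed path). */
int smack_label(const char *smack_attr, const char *lsm_file,
                const char *shared_attr, char *out, size_t len)
{
    char lsms[256];
    if (read_line(smack_attr, out, len) == 0)
        return 0;                                /* Smack-only file: unambiguous */
    if (read_line(lsm_file, lsms, sizeof(lsms)) != 0 ||
        attr_current_owner(lsms) != OWNER_SMACK)
        return -1;                               /* fail closed, do not misparse */
    return read_line(shared_attr, out, len);
}

int main(void)
{
    char label[256];
    int rc = smack_label("/proc/self/attr/smack/current", "/sys/kernel/security/lsm",
                         "/proc/self/attr/current", label, sizeof(label));
    puts(rc == 0 ? label : "no Smack label available");
    return 0;
}
```

On a kernel without the Smack-only file, the code takes the fallback path, which is the "look elsewhere" workaround from the message: the shared file is trusted only when the LSM list names Smack and not SELinux.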