Subject: Re: [PATCH 01/10] procfs: add smack subdir to attrs
To: "Ahmed S. Darwish"
Cc: LSM, James Morris, LKM, SE Linux, John Johansen, Kees Cook, Tetsuo Handa, Paul Moore, Stephen Smalley, "Schaufler, Casey"
References: <20180911234538.GB12337@darwi-kernel>
From: Casey Schaufler
Date: Tue, 11 Sep 2018 17:01:21 -0700
In-Reply-To: <20180911234538.GB12337@darwi-kernel>
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/11/2018 4:45 PM, Ahmed S. Darwish wrote:
> On Tue, Sep 11, 2018 at 09:41:32AM -0700, Casey Schaufler wrote:
>> Back in 2007 I made what turned out to be a rather serious
>> mistake in the implementation of the Smack security module.
>> The SELinux module used an interface in /proc to manipulate
>> the security context on processes. Rather than use a similar
>> interface, I used the same interface. The AppArmor team did
>> likewise. Now /proc/.../attr/current will tell you the
>> security "context" of the process, but it will be different
>> depending on the security module you're using.
>>
>> This patch provides a subdirectory in /proc/.../attr for
>> Smack. Smack user space can use the "current" file in
>> this subdirectory and never have to worry about getting
>> SELinux attributes by mistake. Programs that use the
>> old interface will continue to work (or fail, as the case
>> may be) as before.
>>
> Did downstream distributions already merge the stacking patches on
> their own?

Ubuntu is leading the way with adopting the stacking patches.
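
How a Smack-aware program might consume the interface described in the quoted patch description, as an added example (not code from the patch or from anyone in this thread): it prefers `current` in the `smack` subdirectory and flags a value read from the shared `current` file as ambiguous. The function names, the `proc_root` parameter and the sample tree are assumptions made for illustration.

```python
import os
import tempfile


def read_smack_label(pid, proc_root="/proc"):
    """Return (label, source) for a process.

    source is "smack" when the value came from attr/smack/current,
    "legacy-ambiguous" when only the shared attr/current was readable
    (its content belongs to whichever security module answered), and
    "unavailable" when neither file exists.
    """
    attr_dir = os.path.join(proc_root, str(pid), "attr")
    candidates = [
        (os.path.join(attr_dir, "smack", "current"), "smack"),
        (os.path.join(attr_dir, "current"), "legacy-ambiguous"),
    ]
    for path, source in candidates:
        try:
            with open(path, "rb") as fh:
                raw = fh.read()
        except (FileNotFoundError, NotADirectoryError):
            continue  # kernel without the subdirectory, or process gone
        # Defensive: tolerate a trailing NUL or newline in the attribute.
        return raw.rstrip(b"\x00\n").decode("ascii", errors="replace"), source
    return None, "unavailable"


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Run the reader over a constructed tree that stands in for /proc."""
    with tempfile.TemporaryDirectory() as root:
        # pid 100 (constructed): shared file holds another module's context.
        _write(root, "100/attr/current", b"system_u:system_r:init_t:s0\x00")
        _write(root, "100/attr/smack/current", b"System")
        # pid 200 (constructed): kernel without the smack subdirectory.
        _write(root, "200/attr/current", b"system_u:system_r:init_t:s0\x00")
        # pid 300 does not exist in the tree.
        return tuple(read_smack_label(p, root) for p in (100, 200, 300))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A caller that makes access decisions on the label should treat anything other than the `smack` source as untrusted input rather than as a Smack label.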