Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4723982imm;
        Tue, 11 Sep 2018 17:01:49 -0700 (PDT)
X-Google-Smtp-Source: ANB0Vdb26MG1+JrWeN9qKteF8Nu7rUuN9vSJq0qxjAM+yAxYLbH2CwEZFrhGRHgsIezZyYXZJTtY
X-Received: by 2002:a65:4289:: with SMTP id j9-v6mr30967806pgp.284.1536710509691;
        Tue, 11 Sep 2018 17:01:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536710509; cv=none;
        d=google.com; s=arc-20160816;
        b=keBLnx6iw0csRIFFX6XiAn8RpVvy8FChWGN/Wjm2CBmZlUphnMHcbYpxwHXgOQh2/t
         MMAvUc0GcsN3u46LMOUz+b0slEixGyH6Ws4ED2evQIaJ+okAVs86Ei3A2u/r0mMNNGPx
         4R6BFZi5N+LJGMJCCY7qWxW8cPv8e3xSGF24bOQo7FBbsuNMjWk54ytWVBOTl0xkhMmv
         sBlyPkwctf6L5xaGtRqshtY3i+txRk5Jx1FeBo6FrF0Xc2xy3haf29+ZeLofznalirSJ
         6hfJJTj92Rg+qWKEjuyWk5BBsnBxUUow/0t2Bk2Mgn9ZU61P60MisNP+h9hc7Liyq2+o
         Jz/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=BlZb2E2m29zEhi71br7CS0nSP9bPUdZqI1/hV808ZOM=;
        b=iB6Ou213h+rAywRYd3aTtLchU9yqJ/tfbm599sYjXmxdoxF9Ri2ur10TRTGrYuRP/q
         TgSAZmUjeNXtp0p5v+1yyRInsrpMQz/S+yZvPsZqPv/OMZd7U3vwxPGHhIMwyipk7T+y
         UwOnnLx5w+e4PeWBKc9lvrR4WT2YKzxgiRwfyi+wDANzoToVTElNlLrUyPOVfNduURDM
         FMad48gdFZw6xhpIM+HtqrzONgJ1opZamQ4AecaNePZVTE4vCbZbL61lTmMCpdpvljTG
         p215xmvknVDMNMcvhq/zBWkfdb9PO+WhrEaEqxN/Mt5VDoEBPxy6HEvasAM4KfVEEm/j
         21yw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=rzFLNFRm;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u7-v6si20466450plr.46.2018.09.11.17.01.34;
        Tue, 11 Sep 2018 17:01:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=rzFLNFRm;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727664AbeILFDK (ORCPT <rfc822;linux.htchiang@gmail.com>
        + 99 others); Wed, 12 Sep 2018 01:03:10 -0400
Received: from sonic311-29.consmr.mail.ne1.yahoo.com ([66.163.188.210]:44164
        "EHLO sonic311-29.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726073AbeILFDK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Sep 2018 01:03:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536710487; bh=BlZb2E2m29zEhi71br7CS0nSP9bPUdZqI1/hV808ZOM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=rzFLNFRmNXgHwYFW3jJgsyxTZry58o/xfo956k5Z5k09AF/vIsu8dvhMYfsNgS8RAdkI8vuqfJpW/yGY7sOuKvRV3WE12JV/hF05BQAWx4M7Wj62l5g9UWd2NFanifN4DOZ0hsX2fgR/0991kOOPSkYPQdxsfa8bjqm3oa3+1uxTYyTsix2ou+sOR/8ubAwM3h85mkMZggE3pOddhHF3b8nRJyS5O7aAwpMMrbrjLyT2mpf2WKg7nz91fg/9b2SFkulgwK4UgqSoR6DyGEJIp0KguaZ5Ta+jNoRdIhyjMSdlUgT83O6rtRRMgG6wLr+/GRmMN5NZMJ3UnePNQdAISQ==
X-YMail-OSG: QE7q0DYVM1nfAX4SFt0hot3VoXFu4_e9Ph_h1TQbNOzPY86MjWtQi8EsOqqFSXg
 CkxxpK7.3Q010JWuG2JZnzrW9EkqwzltVgPA_6Oh6efUxQYYUkIAKVDMhkP3H1q0EqdJRX5zA7Re
 5f4dVq7zlGA.Ev_tWrVMKzSk4WuQrT9peOw2qsmX7LEL8q..hWgLb7WBeM0sp5rXPWH9NEw_EJ.e
 nP.9mWDDYJrSajlBrcEMJVQJJVxQDkC9vrK86Ga_VpOyhYxCOF7LtX5gBG0H4v4LbCKaQ.yqozd5
 1uIXu.dmeCk70BfWpYwZBu1C98BXSV2uXTp.5VgNB0yRBpjK2ysZ_dCC5k5F6QnfG9RYvWbDE01r
 oOPU4GprvBIbMNEiUJd7YSa9aYwTANw0bJaRkYUM.8_5Q6pJDtWLplkBKwUQENeq.N5QWXJ2zscl
 Ck9fa4VMZROcr.WAIYBjFqX7h6HytAj.fxZ6USuKigN8zB89o8751DK6z6X43ODzvNJfG6fgx4ii
 wuHB.zy3YMQaXvSxjguvbkX1Mq5lrT0y2xDzxKM3rRjmzqg2qQigCro9KPD4Qa.jk9LOC3kOd4fc
 e2XTE3jsfOJm2Qd48NNevvHysQMl429fOYZ_N_Bzhu1QTro9dNJ6V4MESjzthXLOcqjTOuNLxZQS
 rlp_bz3xjnRmqZXWCTrMbRX3TRjlF58Ic0qL5tGwdvU9pKjVpp7o4EzEboOfNqdp65CZfMMh1qME
 iyYL5xBVF5P8XKTIWHXksUgQR1BIjNIYvg58tmvVQi3PHF4Dk5Ie9psSaXWrPyCOFNU6OAIqgWVD
 srO.wsmEh4wE2.LNFpyrchs5gSASexh.qXEvRlMutixD5kdz7.a5s0N50TKaUg71OJYW2VsEiSuL
 D8ky.1Cl5vrzkOKiqydCuYgn_ph7n.P5OondWqG6hH4zA1_k7YSmIweChnix5M4KKjHJu3LU9H4T
 Pm7D6cQwLx87GN.qwFUSjSk7lZu4QoeMGteBKowLQJTtO9HYJUuW33peJnjjnEJI9NAFkErijbaI
 9UDthws38deNgMJpUzw--
Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.ne1.yahoo.com with HTTP; Wed, 12 Sep 2018 00:01:27 +0000
Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224])
          by smtp403.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID a50e0ea40d0e5b481aefe24cc496da04;
          Wed, 12 Sep 2018 00:01:25 +0000 (UTC)
Subject: Re: [PATCH 01/10] procfs: add smack subdir to attrs
To:     "Ahmed S. Darwish" <darwish.07@gmail.com>
Cc:     LSM <linux-security-module@vger.kernel.org>,
        James Morris <jmorris@namei.org>,
        LKM <linux-kernel@vger.kernel.org>,
        SE Linux <selinux@tycho.nsa.gov>,
        John Johansen <john.johansen@canonical.com>,
        Kees Cook <keescook@chromium.org>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        "Schaufler, Casey" <casey.schaufler@intel.com>
References: <cbf848ae-a1ac-c5ab-f23b-bc9217fceebe@schaufler-ca.com>
 <c43599b8-20f6-0cc6-28d7-abff4c0d0a0d@schaufler-ca.com>
 <20180911234538.GB12337@darwi-kernel>
From:   Casey Schaufler <casey@schaufler-ca.com>
Message-ID: <cb61a8bc-eb36-3eb9-88ab-d30c6522619b@schaufler-ca.com>
Date:   Tue, 11 Sep 2018 17:01:21 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20180911234538.GB12337@darwi-kernel>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/11/2018 4:45 PM, Ahmed S. Darwish wrote:
> On Tue, Sep 11, 2018 at 09:41:32AM -0700, Casey Schaufler wrote:
>> Back in 2007 I made what turned out to be a rather serious
>> mistake in the implementation of the Smack security module.
>> The SELinux module used an interface in /proc to manipulate
>> the security context on processes. Rather than use a similar
>> interface, I used the same interface. The AppArmor team did
>> likewise. Now /proc/.../attr/current will tell you the
>> security "context" of the process, but it will be different
>> depending on the security module you're using.
>>
>> This patch provides a subdirectory in /proc/.../attr for
>> Smack. Smack user space can use the "current" file in
>> this subdirectory and never have to worry about getting
>> SELinux attributes by mistake. Programs that use the
>> old interface will continue to work (or fail, as the case
>> may be) as before.
>>
> Did downstream distributions already merge the stacking patches on
> their own?

Ubuntu is leading the way with adopting the stacking patches.