Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S268352AbUIKWji (ORCPT ); Sat, 11 Sep 2004 18:39:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268355AbUIKWji (ORCPT ); Sat, 11 Sep 2004 18:39:38 -0400 Received: from rwcrmhc12.comcast.net ([216.148.227.85]:31220 "EHLO rwcrmhc12.comcast.net") by vger.kernel.org with ESMTP id S268352AbUIKWjg (ORCPT ); Sat, 11 Sep 2004 18:39:36 -0400 Subject: Re: [1/1][PATCH] nproc v2: netlink access to /proc information From: Albert Cahalan To: Roger Luethi Cc: Stephen Smalley , William Lee Irwin III , Andrew Morton OSDL , lkml , Albert Cahalan , "Martin J. Bligh" , Paul Jackson , James Morris , Chris Wright In-Reply-To: <20040909212507.GA32276@k3.hellgate.ch> References: <20040908184130.GA12691@k3.hellgate.ch> <1094730811.22014.8.camel@moss-spartans.epoch.ncsc.mil> <20040909172200.GX3106@holomorphy.com> <20040909175342.GA27518@k3.hellgate.ch> <1094760065.22014.328.camel@moss-spartans.epoch.ncsc.mil> <20040909205531.GA17088@k3.hellgate.ch> <20040909212507.GA32276@k3.hellgate.ch> Content-Type: text/plain Organization: Message-Id: <1094942212.1174.20.camel@cube> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.4 Date: 11 Sep 2004 18:36:53 -0400 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1160 Lines: 30 On Thu, 2004-09-09 at 17:25, Roger Luethi wrote: > On Thu, 09 Sep 2004 22:55:31 +0200, Roger Luethi wrote: > > I used a somewhat different approach in my development tree (not > > SELinuxy, though): Most fields were world readable, some required > > credentials. > > I forgot to mention that you can see the remnants of that approach in > : I used two bits of the field ID to define per-field > access restrictions (NPROC_PERM_USER, NPROC_PERM_ROOT). Besides the low-security and high-security choices, I'd like to see a medium-security choice. low: everybody sees everything medium: everybody sees something; privileged user sees all high: must be privileged This might mean that asking for stuff like EIP and WCHAN causes you to see fewer processes. If partial info is returned for a process, I'd like to also get a bitmap of valid fields. Special "not valid" values are a pain to deal with. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/