Commit bfe7bf31 authored by Casey Schaufler, committed by Jonathan Corbet

docs: ABI: ABI documentation for procfs attribute files used by multiple LSMs



Provide basic ABI descriptions for the process attribute entries
that are shared between multiple Linux security modules.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Link: https://lore.kernel.org/r/30c36660-3694-0c0d-d472-8f3b3ca4098e@schaufler-ca.com


Signed-off-by: Jonathan Corbet <corbet@lwn.net>
parent 7d717887
+20 −0
What:		/proc/*/attr/current
Contact:	linux-security-module@vger.kernel.org,
		selinux@vger.kernel.org,
		apparmor@lists.ubuntu.com
Description:	The current security information used by a Linux
		security module (LSM) that is active on the system.
		The details of permissions required to read from
		this interface and hence obtain the security state
		of the task identified is LSM dependent.
		A process cannot write to this interface unless it
		refers to itself.
		The other details of permissions required to write to
		this interface and hence change the security state of
		the task identified are LSM dependent.
		The format of the data used by this interface is LSM
		dependent.
		SELinux, Smack and AppArmor provide this interface.
Users:		SELinux user-space
		Smack user-space
		AppArmor user-space
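
Review bot: The Description for /proc/*/attr/current does not say which module's data is read or written when more than one provider is active. It speaks of "a Linux security module (LSM) that is active on the system" and then names SELinux, Smack and AppArmor as providers, so a reader cannot tell from this entry whose format to expect. Suggest one sentence stating how the provider is selected, or that this is configuration dependent. Minor: "The details of permissions required to read ... is LSM dependent" should use "are", matching the write sentence a few lines below it.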
+20 −0
What:		/proc/*/attr/exec
Contact:	linux-security-module@vger.kernel.org,
		selinux@vger.kernel.org,
		apparmor@lists.ubuntu.com
Description:	The security information to be used on the process
		by a Linux security module (LSM) active on the system
		after a subsequent exec() call.
		The details of permissions required to read from
		this interface and hence obtain the security state
		of the task identified is LSM dependent.
		A process cannot write to this interface unless it
		refers to itself.
		The other details of permissions required to write to
		this interface and hence change the security state of
		the task identified are LSM dependent.
		The format of the data used by this interface is LSM
		dependent.
		SELinux and AppArmor provide this interface.
Users:		SELinux user-space
		AppArmor user-space
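
Review bot: The exec entry leaves the lifetime of a written value undefined: "after a subsequent exec() call" does not say whether the value applies to the next exec() only or to every later one, nor how a process resets it. If that is LSM dependent like the format, say so explicitly; otherwise document it here, since user space that sets this file before exec() needs to know whether it must clear it afterwards. The entry also carries no Date: or KernelVersion: field, so a reader cannot tell from which kernel the interface can be relied on.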
+19 −0
What:		/proc/*/attr/prev
Contact:	linux-security-module@vger.kernel.org,
		selinux@vger.kernel.org,
		apparmor@lists.ubuntu.com
Description:	The security information used on the process by
		a Linux security module (LSM) active on the system
		prior to the most recent exec() call.
		The details of permissions required to read from
		this interface is LSM dependent.
		A process cannot write to this interface unless it
		refers to itself.
		The other details of permissions required to write to
		this interface are LSM dependent.
		The format of the data used by this interface is LSM
		dependent.
		SELinux and AppArmor provide this interface.
Users:		SELinux user-space
		AppArmor user-space
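
Review bot: The two write sentences in the prev Description ("A process cannot write to this interface unless it refers to itself" and "The other details of permissions required to write to this interface are LSM dependent") read as carried over from the current and exec entries, and nothing here says what writing would mean for a value that describes state prior to the most recent exec(). The "and hence change the security state" wording used in the other two entries has been dropped in this one, which suggests a write is not expected to change anything. Suggest stating whether any provider accepts writes to prev, and if none does, describing the file as read-only and removing the write sentences. The read sentence also needs "are" instead of "is".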