From bfe7bf311497815d7c7a21f97598b8e9cb47cb52 Mon Sep 17 00:00:00 2001 From: Casey Schaufler Date: Tue, 10 Nov 2020 09:28:41 -0800 Subject: docs: ABI: ABI documentation for procfs attribute files used by multiple LSMs Provide basic ABI descriptions for the process attribute entries that are shared between multiple Linux security modules. Signed-off-by: Casey Schaufler Link: https://lore.kernel.org/r/30c36660-3694-0c0d-d472-8f3b3ca4098e@schaufler-ca.com Signed-off-by: Jonathan Corbet --- Documentation/ABI/testing/procfs-attr-exec | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 Documentation/ABI/testing/procfs-attr-exec (limited to 'Documentation/ABI/testing/procfs-attr-exec') diff --git a/Documentation/ABI/testing/procfs-attr-exec b/Documentation/ABI/testing/procfs-attr-exec new file mode 100644 index 000000000000..34593866a7ab --- /dev/null +++ b/Documentation/ABI/testing/procfs-attr-exec @@ -0,0 +1,20 @@ +What: /proc/*/attr/exec +Contact: linux-security-module@vger.kernel.org, + selinux@vger.kernel.org, + apparmor@lists.ubuntu.com +Description: The security information to be used on the process + by a Linux security module (LSM) active on the system + after a subsequent exec() call. + The details of permissions required to read from + this interface and hence obtain the security state + of the task identified is LSM dependent. + A process cannot write to this interface unless it + refers to itself. + The other details of permissions required to write to + this interface and hence change the security state of + the task identified are LSM dependent. + The format of the data used by this interface is LSM + dependent. + SELinux and AppArmor provide this interface. +Users: SELinux user-space + AppArmor user-space -- cgit v1.2.3