diff options
Diffstat (limited to 'man/man5/proc_pid_attr.5')
| -rw-r--r-- | man/man5/proc_pid_attr.5 | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/man/man5/proc_pid_attr.5 b/man/man5/proc_pid_attr.5 new file mode 100644 index 000000000..f005a3b5e --- /dev/null +++ b/man/man5/proc_pid_attr.5 @@ -0,0 +1,137 @@ +.\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com) +.\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com> +.\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org> +.\" +.\" SPDX-License-Identifier: GPL-3.0-or-later +.\" +.TH proc_pid_attr 5 (date) "Linux man-pages (unreleased)" +.SH NAME +/proc/pid/attr/ \- security-related attributes +.SH DESCRIPTION +.TP +.IR /proc/ pid /attr/ +.\" https://lwn.net/Articles/28222/ +.\" From: Stephen Smalley <sds@epoch.ncsc.mil> +.\" To: LKML and others +.\" Subject: [RFC][PATCH] Process Attribute API for Security Modules +.\" Date: 08 Apr 2003 16:17:52 -0400 +.\" +.\" http://www.nsa.gov/research/_files/selinux/papers/module/x362.shtml +.\" +The files in this directory provide an API for security modules. +The contents of this directory are files that can be read and written +in order to set security-related attributes. +This directory was added to support SELinux, +but the intention was that the API be general enough to support +other security modules. +For the purpose of explanation, +examples of how SELinux uses these files are provided below. +.IP +This directory is present only if the kernel was configured with +.BR CONFIG_SECURITY . +.TP +.IR /proc/ pid /attr/current " (since Linux 2.6.0)" +The contents of this file represent the current +security attributes of the process. +.IP +In SELinux, this file is used to get the security context of a process. +Prior to Linux 2.6.11, this file could not be used to set the security +context (a write was always denied), since SELinux limited process security +transitions to +.BR execve (2) +(see the description of +.IR /proc/ pid /attr/exec , +below). +Since Linux 2.6.11, SELinux lifted this restriction and began supporting +"set" operations via writes to this node if authorized by policy, +although use of this operation is only suitable for applications that are +trusted to maintain any desired separation between the old and new security +contexts. +.IP +Prior to Linux 2.6.28, SELinux did not allow threads within a +multithreaded process to set their security context via this node +as it would yield an inconsistency among the security contexts of the +threads sharing the same memory space. +Since Linux 2.6.28, SELinux lifted +this restriction and began supporting "set" operations for threads within +a multithreaded process if the new security context is bounded by the old +security context, where the bounded relation is defined in policy and +guarantees that the new security context has a subset of the permissions +of the old security context. +.IP +Other security modules may choose to support "set" operations via +writes to this node. +.TP +.IR /proc/ pid /attr/exec " (since Linux 2.6.0)" +This file represents the attributes to assign to the +process upon a subsequent +.BR execve (2). +.IP +In SELinux, +this is needed to support role/domain transitions, and +.BR execve (2) +is the preferred point to make such transitions because it offers better +control over the initialization of the process in the new security label +and the inheritance of state. +In SELinux, this attribute is reset on +.BR execve (2) +so that the new program reverts to the default behavior for any +.BR execve (2) +calls that it may make. +In SELinux, a process can set +only its own +.IR /proc/ pid /attr/exec +attribute. +.TP +.IR /proc/ pid /attr/fscreate " (since Linux 2.6.0)" +This file represents the attributes to assign to files +created by subsequent calls to +.BR open (2), +.BR mkdir (2), +.BR symlink (2), +and +.BR mknod (2) +.IP +SELinux employs this file to support creation of a file +(using the aforementioned system calls) +in a secure state, +so that there is no risk of inappropriate access being obtained +between the time of creation and the time that attributes are set. +In SELinux, this attribute is reset on +.BR execve (2), +so that the new program reverts to the default behavior for +any file creation calls it may make, but the attribute will persist +across multiple file creation calls within a program unless it is +explicitly reset. +In SELinux, a process can set only its own +.IR /proc/ pid /attr/fscreate +attribute. +.TP +.IR /proc/ pid /attr/keycreate " (since Linux 2.6.18)" +.\" commit 4eb582cf1fbd7b9e5f466e3718a59c957e75254e +If a process writes a security context into this file, +all subsequently created keys +.RB ( add_key (2)) +will be labeled with this context. +For further information, see the kernel source file +.I Documentation/security/keys/core.rst +(or file +.\" commit b68101a1e8f0263dbc7b8375d2a7c57c6216fb76 +.I Documentation/security/keys.txt +between Linux 3.0 and Linux 4.13, or +.\" commit d410fa4ef99112386de5f218dd7df7b4fca910b4 +.I Documentation/keys.txt +before Linux 3.0). +.TP +.IR /proc/ pid /attr/prev " (since Linux 2.6.0)" +This file contains the security context of the process before the last +.BR execve (2); +that is, the previous value of +.IR /proc/ pid /attr/current . +.TP +.IR /proc/ pid /attr/socketcreate " (since Linux 2.6.18)" +.\" commit 42c3e03ef6b298813557cdb997bd6db619cd65a2 +If a process writes a security context into this file, +all subsequently created sockets will be labeled with this context. +.SH SEE ALSO +.BR proc (5) |