path: root/man5/proc_pid_attr.5
Diffstat (limited to 'man5/proc_pid_attr.5')
-rw-r--r-- man5/proc_pid_attr.5 27
1 files changed, 14 insertions, 13 deletions
diff --git a/man5/proc_pid_attr.5 b/man5/proc_pid_attr.5
index f005a3b5e..c228e4657 100644
--- a/man5/proc_pid_attr.5
+++ b/man5/proc_pid_attr.5
@@ -38,7 +38,7 @@ In SELinux, this file is used to get the security context of a process.
Prior to Linux 2.6.11, this file could not be used to set the security
context (a write was always denied), since SELinux limited process security
transitions to
-.BR execve (2)
+.MR execve 2
(see the description of
.IR /proc/ pid /attr/exec ,
below).
@@ -65,18 +65,18 @@ writes to this node.
.IR /proc/ pid /attr/exec " (since Linux 2.6.0)"
This file represents the attributes to assign to the
process upon a subsequent
-.BR execve (2).
+.MR execve 2 .
.IP
In SELinux,
this is needed to support role/domain transitions, and
-.BR execve (2)
+.MR execve 2
is the preferred point to make such transitions because it offers better
control over the initialization of the process in the new security label
and the inheritance of state.
In SELinux, this attribute is reset on
-.BR execve (2)
+.MR execve 2
so that the new program reverts to the default behavior for any
-.BR execve (2)
+.MR execve 2
calls that it may make.
In SELinux, a process can set
only its own
@@ -86,11 +86,11 @@ attribute.
.IR /proc/ pid /attr/fscreate " (since Linux 2.6.0)"
This file represents the attributes to assign to files
created by subsequent calls to
-.BR open (2),
-.BR mkdir (2),
-.BR symlink (2),
+.MR open 2 ,
+.MR mkdir 2 ,
+.MR symlink 2 ,
and
-.BR mknod (2)
+.MR mknod 2
.IP
SELinux employs this file to support creation of a file
(using the aforementioned system calls)
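Review bot: the list of file-creation calls ends at `.MR mknod 2` with no trailing punctuation argument, so the sentence "created by subsequent calls to ... and mknod(2)" runs straight into the following `.IP` without a full stop. The removed `.BR mknod (2)` line had the same gap, but since the line is being rewritten anyway, `.MR mknod 2 .` would close the sentence the same way `.MR execve 2 .` does in the /proc/pid/attr/exec hunk.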
@@ -98,7 +98,7 @@ in a secure state,
so that there is no risk of inappropriate access being obtained
between the time of creation and the time that attributes are set.
In SELinux, this attribute is reset on
-.BR execve (2),
+.MR execve 2 ,
so that the new program reverts to the default behavior for
any file creation calls it may make, but the attribute will persist
across multiple file creation calls within a program unless it is
@@ -111,7 +111,8 @@ attribute.
.\" commit 4eb582cf1fbd7b9e5f466e3718a59c957e75254e
If a process writes a security context into this file,
all subsequently created keys
-.RB ( add_key (2))
+\%(\c
+.MR add_key 2 )
will be labeled with this context.
For further information, see the kernel source file
.I Documentation/security/keys/core.rst
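Review bot: the `add_key` reference is the one place where the conversion is not one-for-one: the opening parenthesis moves to its own `\%(\c` line and only the closing one rides on `.MR add_key 2 )`, which is also why the diffstat shows 14 insertions against 13 deletions. Please check that the rendered text still reads "(add_key(2))" with no space after the opening parenthesis, and consider a short `.\"` comment next to it so the next editor sees why this reference takes two lines when every other one in the patch takes one.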
@@ -125,7 +126,7 @@ before Linux 3.0).
.TP
.IR /proc/ pid /attr/prev " (since Linux 2.6.0)"
This file contains the security context of the process before the last
-.BR execve (2);
+.MR execve 2 ;
that is, the previous value of
.IR /proc/ pid /attr/current .
.TP
@@ -134,4 +135,4 @@ that is, the previous value of
If a process writes a security context into this file,
all subsequently created sockets will be labeled with this context.
.SH SEE ALSO
-.BR proc (5)
+.MR proc 5