Subject: Re: procfs/ptrace/systrace/ktrace diff
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 11/26/2006 16:18:55

YAMAMOTO Takashi wrote:
>>>> proc_isunder() should be in the secmodel.
>>> do you mean chroot(8) should be a part of secmodel?
>> it already kinda is. we don't provide any context (yet) but there is
>> a chroot action. I would like to move proc_isunder() to the secmodel
>> code, yes.
> 
> i don't see how it could be done efficiently.

are you talking about the entire chroot mechanism or just chroot
enforcement for the four subsystems in question?

>>>>> does it mean to prohibit even reading of init's status if securelevel >= 0?
>>>> yeah. can change, but again, we need to pass more context.
>>> why don't you pass the necessary context?
>> we have two args to play with. assuming they all need the tracer too,
>> that leaves us with one argument free. that's not enough for at least
>> procfs. if I can shift the subsystem to the action itself, as I
>> suggested, I can pass more context.
> 
> what's necessary to keep the current behaviour is only <r/w>, isn't it?

the goal is not just to keep current behavior, but both that and
allowing finer-grained control, assuming one may wish to do so. the
latest patch posted achieves that.

-e.

-- 
Elad Efrat