> >> proc_isunder() should be in the secmodel.
> > 
> > do you mean chroot(8) should be a part of secmodel?
> 
> it already kinda is. we don't provide any context (yet) but there is
> a chroot action. I would like to move proc_isunder() to the secmodel
> code, yes.

i don't see how it could be done efficiently.

> >>> does it mean to prohibit even reading of init's status if securelevel >= 0?
> >> yeah. can change, but again, we need to pass more context.
> > 
> > why don't you pass the necessary context?
> 
> we have two args to play with. assuming they all need the tracer too,
> that leaves us with one argument free. that's not enough for at least
> procfs. if I can shift the subsystem to the action itself, as I
> suggested, I can pass more context.

what's necessary to keep the current behaviour is only <r/w>, isn't it?

YAMAMOTO Takashi