Commit | Line | Data |
---|---|---|
17cec8ff AC |
1 | .\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com> |
2 | .\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com> | |
3 | .\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org> | |
4 | .\" | |
5 | .\" SPDX-License-Identifier: GPL-3.0-or-later | |
6 | .\" | |
7 | .TH proc_pid_attr 5 (date) "Linux man-pages (unreleased)" | |
8 | .SH NAME | |
9 | /proc/pid/attr/ \- security-related attributes | |
10 | .SH DESCRIPTION | |
11 | .TP | |
12 | .IR /proc/ pid /attr/ | |
13 | .\" https://lwn.net/Articles/28222/ | |
14 | .\" From: Stephen Smalley <sds@epoch.ncsc.mil> | |
15 | .\" To: LKML and others | |
16 | .\" Subject: [RFC][PATCH] Process Attribute API for Security Modules | |
17 | .\" Date: 08 Apr 2003 16:17:52 -0400 | |
18 | .\" | |
19 | .\" http://www.nsa.gov/research/_files/selinux/papers/module/x362.shtml | |
20 | .\" | |
21 | The files in this directory provide an API for security modules. | |
22 | The contents of this directory are files that can be read and written | |
23 | in order to set security-related attributes. | |
24 | This directory was added to support SELinux, | |
25 | but the intention was that the API be general enough to support | |
26 | other security modules. | |
27 | For the purpose of explanation, | |
28 | examples of how SELinux uses these files are provided below. | |
29 | .IP | |
30 | This directory is present only if the kernel was configured with | |
31 | .BR CONFIG_SECURITY . | |
32 | .TP | |
33 | .IR /proc/ pid /attr/current " (since Linux 2.6.0)" | |
34 | The contents of this file represent the current | |
35 | security attributes of the process. | |
36 | .IP | |
37 | In SELinux, this file is used to get the security context of a process. | |
38 | Prior to Linux 2.6.11, this file could not be used to set the security | |
39 | context (a write was always denied), since SELinux limited process security | |
40 | transitions to | |
41 | .BR execve (2) | |
42 | (see the description of | |
43 | .IR /proc/ pid /attr/exec , | |
44 | below). | |
45 | Since Linux 2.6.11, SELinux lifted this restriction and began supporting | |
46 | "set" operations via writes to this node if authorized by policy, | |
47 | although use of this operation is only suitable for applications that are | |
48 | trusted to maintain any desired separation between the old and new security | |
49 | contexts. | |
50 | .IP | |
51 | Prior to Linux 2.6.28, SELinux did not allow threads within a | |
52 | multithreaded process to set their security context via this node | |
53 | as it would yield an inconsistency among the security contexts of the | |
54 | threads sharing the same memory space. | |
55 | Since Linux 2.6.28, SELinux lifted | |
56 | this restriction and began supporting "set" operations for threads within | |
57 | a multithreaded process if the new security context is bounded by the old | |
58 | security context, where the bounded relation is defined in policy and | |
59 | guarantees that the new security context has a subset of the permissions | |
60 | of the old security context. | |
61 | .IP | |
62 | Other security modules may choose to support "set" operations via | |
63 | writes to this node. | |
64 | .TP | |
65 | .IR /proc/ pid /attr/exec " (since Linux 2.6.0)" | |
66 | This file represents the attributes to assign to the | |
67 | process upon a subsequent | |
68 | .BR execve (2). | |
69 | .IP | |
70 | In SELinux, | |
71 | this is needed to support role/domain transitions, and | |
72 | .BR execve (2) | |
73 | is the preferred point to make such transitions because it offers better | |
74 | control over the initialization of the process in the new security label | |
75 | and the inheritance of state. | |
76 | In SELinux, this attribute is reset on | |
77 | .BR execve (2) | |
78 | so that the new program reverts to the default behavior for any | |
79 | .BR execve (2) | |
80 | calls that it may make. | |
81 | In SELinux, a process can set | |
82 | only its own | |
83 | .IR /proc/ pid /attr/exec | |
84 | attribute. | |
85 | .TP | |
86 | .IR /proc/ pid /attr/fscreate " (since Linux 2.6.0)" | |
87 | This file represents the attributes to assign to files | |
88 | created by subsequent calls to | |
89 | .BR open (2), | |
90 | .BR mkdir (2), | |
91 | .BR symlink (2), | |
92 | and | |
93 | .BR mknod (2). | |
94 | .IP | |
95 | SELinux employs this file to support creation of a file | |
96 | (using the aforementioned system calls) | |
97 | in a secure state, | |
98 | so that there is no risk of inappropriate access being obtained | |
99 | between the time of creation and the time that attributes are set. | |
100 | In SELinux, this attribute is reset on | |
101 | .BR execve (2), | |
102 | so that the new program reverts to the default behavior for | |
103 | any file creation calls it may make, but the attribute will persist | |
104 | across multiple file creation calls within a program unless it is | |
105 | explicitly reset. | |
106 | In SELinux, a process can set only its own | |
107 | .IR /proc/ pid /attr/fscreate | |
108 | attribute. | |
109 | .TP | |
110 | .IR /proc/ pid /attr/keycreate " (since Linux 2.6.18)" | |
111 | .\" commit 4eb582cf1fbd7b9e5f466e3718a59c957e75254e | |
112 | If a process writes a security context into this file, | |
113 | all subsequently created keys | |
114 | .RB ( add_key (2)) | |
115 | will be labeled with this context. | |
116 | For further information, see the kernel source file | |
117 | .I Documentation/security/keys/core.rst | |
118 | (or file | |
119 | .\" commit b68101a1e8f0263dbc7b8375d2a7c57c6216fb76 | |
120 | .I Documentation/security/keys.txt | |
121 | between Linux 3.0 and Linux 4.13, or | |
122 | .\" commit d410fa4ef99112386de5f218dd7df7b4fca910b4 | |
123 | .I Documentation/keys.txt | |
124 | before Linux 3.0). | |
125 | .TP | |
126 | .IR /proc/ pid /attr/prev " (since Linux 2.6.0)" | |
127 | This file contains the security context of the process before the last | |
128 | .BR execve (2); | |
129 | that is, the previous value of | |
130 | .IR /proc/ pid /attr/current . | |
131 | .TP | |
132 | .IR /proc/ pid /attr/socketcreate " (since Linux 2.6.18)" | |
133 | .\" commit 42c3e03ef6b298813557cdb997bd6db619cd65a2 | |
134 | If a process writes a security context into this file, | |
135 | all subsequently created sockets will be labeled with this context. | |
136 | .SH SEE ALSO | |
137 | .BR proc (5) |
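
The attribute files described above can be audited from user space by reading them directly. The following C program is an added example, not code from the man-pages project: the helper name `read_attr` and the trimming of a trailing NUL or newline are assumptions of this example, and it separates "attribute not set" (empty read) from "attribute unavailable" (error).

```c
/* Added example (not from the man-pages project): read /proc/<pid>/attr/. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char *const attr_names[] = {
    "current", "prev", "exec", "fscreate", "keycreate", "socketcreate"
};

/* Read <dir>/<name> into buf as a NUL-terminated string.
 * Returns the value's length (0: attribute not set) or -errno, e.g.
 * -ENOENT when the file is absent (kernel built without CONFIG_SECURITY,
 * or the process has exited). */
long read_attr(const char *dir, const char *name, char *buf, size_t len)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (len == 0 || n < 0 || (size_t)n >= sizeof path)
        return -ENAMETOOLONG;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t got = read(fd, buf, len - 1);
    int saved = errno;
    close(fd);
    if (got < 0)
        return -saved;   /* read failed, e.g. refused by the security module */
    /* Assumption: a module may end the value with a NUL or a newline. */
    while (got > 0 && (buf[got - 1] == '\0' || buf[got - 1] == '\n'))
        got--;
    buf[got] = '\0';
    return got;
}

int main(int argc, char **argv)
{
    char dir[64], val[4096];
    snprintf(dir, sizeof dir, "/proc/%s/attr", argc > 1 ? argv[1] : "self");
    for (size_t i = 0; i < sizeof attr_names / sizeof *attr_names; i++) {
        long n = read_attr(dir, attr_names[i], val, sizeof val);
        if (n < 0)
            printf("%-12s <error: %s>\n", attr_names[i], strerror((int)-n));
        else
            printf("%-12s %s\n", attr_names[i], n ? val : "<not set>");
    }
    return 0;
}
```

Run it with no argument to inspect the calling process, or pass a PID; reading another process's attributes is subject to the active security module's policy.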