/proc/pid/attr/ - security-related attributes
- /proc/pid/attr/
- The files in this directory provide an API for security modules. The
contents of this directory are files that can be read and written in order
to set security-related attributes. This directory was added to support
SELinux, but the intention was that the API be general enough to support
other security modules. For the purpose of explanation, examples of how
SELinux uses these files are provided below.
- This directory is present only if the kernel was configured with
CONFIG_SECURITY.
- /proc/pid/attr/current (since Linux 2.6.0)
- The contents of this file represent the current security attributes of the
process.
- In SELinux, this file is used to get the security context of a process.
Prior to Linux 2.6.11, this file could not be used to set the security
context (a write was always denied), since SELinux limited process
security transitions to execve(2) (see the description of
/proc/pid/attr/exec, below). Since Linux 2.6.11, SELinux
lifted this restriction and began supporting "set" operations
via writes to this node if authorized by policy, although use of this
operation is only suitable for applications that are trusted to maintain
any desired separation between the old and new security contexts.
- Prior to Linux 2.6.28, SELinux did not allow threads within a
multithreaded process to set their security context via this node as it
would yield an inconsistency among the security contexts of the threads
sharing the same memory space. Since Linux 2.6.28, SELinux lifted this
restriction and began supporting "set" operations for threads
within a multithreaded process if the new security context is bounded by
the old security context, where the bounded relation is defined in policy
and guarantees that the new security context has a subset of the
permissions of the old security context.
- Other security modules may choose to support "set" operations
via writes to this node.
- /proc/pid/attr/exec (since Linux 2.6.0)
- This file represents the attributes to assign to the process upon a
subsequent execve(2).
- In SELinux, this is needed to support role/domain transitions, and
execve(2) is the preferred point to make such transitions because
it offers better control over the initialization of the process in the new
security label and the inheritance of state. In SELinux, this attribute is
reset on execve(2) so that the new program reverts to the default
behavior for any execve(2) calls that it may make. In SELinux, a
process can set only its own /proc/pid/attr/exec
attribute.
- /proc/pid/attr/fscreate (since Linux 2.6.0)
- This file represents the attributes to assign to files created by
subsequent calls to open(2), mkdir(2), symlink(2),
and mknod(2)
- SELinux employs this file to support creation of a file (using the
aforementioned system calls) in a secure state, so that there is no risk
of inappropriate access being obtained between the time of creation and
the time that attributes are set. In SELinux, this attribute is reset on
execve(2), so that the new program reverts to the default behavior
for any file creation calls it may make, but the attribute will persist
across multiple file creation calls within a program unless it is
explicitly reset. In SELinux, a process can set only its own
/proc/pid/attr/fscreate attribute.
- /proc/pid/attr/keycreate (since Linux 2.6.18)
- If a process writes a security context into this file, all subsequently
created keys (add_key(2)) will be labeled with this context. For
further information, see the kernel source file
Documentation/security/keys/core.rst (or file
Documentation/security/keys.txt between Linux 3.0 and Linux 4.13,
or Documentation/keys.txt before Linux 3.0).
- /proc/pid/attr/prev (since Linux 2.6.0)
- This file contains the security context of the process before the last
execve(2); that is, the previous value of
/proc/pid/attr/current.
- /proc/pid/attr/socketcreate (since Linux 2.6.18)
- If a process writes a security context into this file, all subsequently
created sockets will be labeled with this context.