Re: [PATCH v19 13/23] LSM: Specify which LSM to display

Create a new entry "display" in the procfs attr directory for controlling which LSM security information is displayed for a process. A process can only read or write its own display value. The name of an active LSM that supplies hooks for human readable data may be written to "display" to set the value. The name of the LSM currently in use can be read from "display". At this point there can only be one LSM capable of display active. A helper function lsm_task_display() is provided to get the display slot for a task_struct. Setting the "display" requires that all security modules using setprocattr hooks allow the action. Each security module is responsible for defining its policy. AppArmor hook provided by John Johansen <john.johansen(a)canonical.com&gt; SELinux hook provided by Stephen Smalley <sds(a)tycho.nsa.gov&gt; Reviewed-by: Kees Cook <keescook(a)chromium.org&gt; Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov&gt; Acked-by: Paul Moore <paul(a)paul-moore.com&gt; Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com&gt;