Configure ACL (Access Control List) - Proc filesystem ACL

The filesystem that exposes the current state of the running kernel and information about the running processes is mounted on the "/proc" directory. This filesystem is called the "proc filesystem". You can define access controls for the proc filesystem. The screenshot is shown below.

1 "/proc/<my pid>" line

When a process is created, a directory named after the PID of the process is created on the proc filesystem. You can define the access controls for the directory that is named after the process's own PID. In the default configuration, read access to this directory is allowed in the "global" domain.

2 "/proc/<other domain's PID>" line

You can define the access controls for the directories that contain the information of other processes.

3 "/proc/sys,/proc/net" line

These directories contain information that the system uses in common. An ordinary process needs read access to these directories but needs no write access.

4 "/proc/kmsg" line

The running kernel writes its log to the "/proc/kmsg" file.

5 "/proc/<other...>" line

You can define the access control for all files under the "/proc" directory other than those above. If you want to define the access controls in finer detail, you have to edit the original SELinux configuration files.

6 "apply" button

Clicking this button updates the inter-configuration files with the changes.
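To check which of the five lines above governs a given path, and what access the current process actually has to it once the policy is in effect, the following added example (not part of the original tool or its documentation) classifies /proc paths and probes them with access(2). The function names, the sample paths, and the treatment of "/proc/self" as the "<my pid>" line are assumptions of this example.

```python
import os

# Labels mirror the five numbered lines described on this page.
SELF = "/proc/<my pid>"
OTHER_PID = "/proc/<other domain's PID>"
SYS_NET = "/proc/sys,/proc/net"
KMSG = "/proc/kmsg"
OTHER = "/proc/<other...>"

def classify(path, my_pid=None):
    """Return the GUI line that covers `path`, or None if it is outside /proc."""
    my_pid = os.getpid() if my_pid is None else my_pid
    norm = os.path.normpath(path)      # lexical only: collapses ".." and "//"
    if norm.startswith("//"):          # POSIX normpath keeps a leading "//"
        norm = norm[1:]
    if not norm.startswith("/proc/"):
        return None
    first = norm.split("/")[2]
    if first == "self" or first == str(my_pid):
        return SELF                    # assumption: /proc/self counts as own PID
    if first.isdigit():
        # Simplification: any other PID is reported here; whether that process
        # runs in another domain cannot be told from the path alone.
        return OTHER_PID
    if first in ("sys", "net"):
        return SYS_NET
    if norm == "/proc/kmsg":
        return KMSG
    return OTHER

def probe(path):
    """(readable, writable) for the calling process, as reported by access(2)."""
    return os.access(path, os.R_OK), os.access(path, os.W_OK)

def report(paths, my_pid=None):
    """One (gui_line, path, readable, writable) row per input path."""
    return [(classify(p, my_pid), p) + probe(p) for p in paths]

if __name__ == "__main__":
    # Constructed sample paths, one or more per GUI line.
    sample = ["/proc/self/status", "/proc/1/status", "/proc/sys/kernel/hostname",
              "/proc/net/dev", "/proc/kmsg", "/proc/meminfo"]
    for line, path, r, w in report(sample):
        print(f"{line:28} {path:28} read={r} write={w}")
```

Run it from inside the domain being configured; the read and write columns describe only the process that runs the script.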