diff options
author | Rafal Krypa <r.krypa@samsung.com> | 2013-01-10 19:42:00 +0100 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2013-03-19 14:16:42 -0700 |
commit | e05b6f982a049113a88a1750e13fdb15298cbed4 (patch) | |
tree | 2f59b25edb54ff44f743423268e934f87c60a359 /Documentation | |
parent | cee7e443344a3845e5b9111614b41e0b1afb60ce (diff) |
Smack: add support for modification of existing rules
Rule modifications are enabled via /smack/change-rule. Format is as follows:
"Subject Object rwaxt rwaxt"
First two strings are subject and object labels up to 255 characters.
Third string contains permissions to enable.
Fourth string contains permissions to disable.
All unmentioned permissions will be left unchanged.
If no rule previously existed, it will be created.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/security/Smack.txt | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt index 8a177e4b6e21..7a2d30c132e3 100644 --- a/Documentation/security/Smack.txt +++ b/Documentation/security/Smack.txt @@ -117,6 +117,17 @@ access2 ambient This contains the Smack label applied to unlabeled network packets. +change-rule + This interface allows modification of existing access control rules. + The format accepted on write is: + "%s %s %s %s" + where the first string is the subject label, the second the + object label, the third the access to allow and the fourth the + access to deny. The access strings may contain only the characters + "rwxat-". If a rule for a given subject and object exists it will be + modified by enabling the permissions in the third string and disabling + those in the fourth string. If there is no such rule it will be + created using the access specified in the third and the fourth strings. cipso This interface allows a specific CIPSO header to be assigned to a Smack label. The format accepted on write is: |