diff options
author | Rafal Krypa <r.krypa@samsung.com> | 2012-07-11 17:49:30 +0200 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2012-09-18 18:50:52 +0200 |
commit | 449543b0436a9146b855aad39eab76ae4853e88d (patch) | |
tree | 1b430fec0506e78929cfd944972d7dd49d0f76fd /Documentation | |
parent | Smack: remove task_wait() hook. (diff) | |
download | linux-449543b0436a9146b855aad39eab76ae4853e88d.tar.xz linux-449543b0436a9146b855aad39eab76ae4853e88d.zip |
Smack: implement revoking all rules for a subject label
Add /smack/revoke-subject special file. Writing a SMACK label to this file will
set the access to '-' for all access rules with that subject label.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/security/Smack.txt | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt index a416479b8a1c..e68536d85680 100644 --- a/Documentation/security/Smack.txt +++ b/Documentation/security/Smack.txt @@ -194,6 +194,9 @@ onlycap these capabilities are effective at for processes with any label. The value is set by writing the desired label to the file or cleared by writing "-" to the file. +revoke-subject + Writing a Smack label here sets the access to '-' for all access + rules with that subject label. You can add access rules in /etc/smack/accesses. They take the form: |