summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorRafal Krypa <r.krypa@samsung.com>2012-07-11 17:49:30 +0200
committerCasey Schaufler <casey@schaufler-ca.com>2012-09-18 18:50:52 +0200
commit449543b0436a9146b855aad39eab76ae4853e88d (patch)
tree1b430fec0506e78929cfd944972d7dd49d0f76fd /Documentation
parentSmack: remove task_wait() hook. (diff)
downloadlinux-449543b0436a9146b855aad39eab76ae4853e88d.tar.xz
linux-449543b0436a9146b855aad39eab76ae4853e88d.zip
Smack: implement revoking all rules for a subject label
Add /smack/revoke-subject special file. Writing a SMACK label to this file will set the access to '-' for all access rules with that subject label. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/security/Smack.txt3
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index a416479b8a1c..e68536d85680 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -194,6 +194,9 @@ onlycap
these capabilities are effective at for processes with any
label. The value is set by writing the desired label to the
file or cleared by writing "-" to the file.
+revoke-subject
+ Writing a Smack label here sets the access to '-' for all access
+ rules with that subject label.
You can add access rules in /etc/smack/accesses. They take the form: