author | James Morris <james.l.morris@oracle.com> | 2014-05-20 06:50:09 +0200 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2014-05-20 06:50:09 +0200 |
commit | 2fd4e6698f0863f47558e63b67c7c3a026513541 (patch) | |
tree | 4401d5b14ec8b0d76e53ab04f20cd77f2456efa5 /Documentation | |
parent | security: Convert use of typedef ctl_table to struct ctl_table (diff) | |
parent | Warning in scanf string typing (diff) | |
Merge branch 'smack-for-3.16' of git://git.gitorious.org/smack-next/kernel into next
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/security/Smack.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt index 7a2d30c132e3..5597917703e0 100644 --- a/Documentation/security/Smack.txt +++ b/Documentation/security/Smack.txt @@ -204,6 +204,16 @@ onlycap these capabilities are effective at for processes with any label. The value is set by writing the desired label to the file or cleared by writing "-" to the file. +ptrace + This is used to define the current ptrace policy + 0 - default: this is the policy that relies on smack access rules. + For the PTRACE_READ a subject needs to have a read access on + object. For the PTRACE_ATTACH a read-write access is required. + 1 - exact: this is the policy that limits PTRACE_ATTACH. Attach is + only allowed when subject's and object's labels are equal. + PTRACE_READ is not affected. Can be overriden with CAP_SYS_PTRACE. + 2 - draconian: this policy behaves like the 'exact' above with an + exception that it can't be overriden with CAP_SYS_PTRACE. revoke-subject Writing a Smack label here sets the access to '-' for all access rules with that subject label. |
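Review bot: the new ptrace entry never says how the value is set, unlike the neighbouring onlycap and revoke-subject entries, which both describe what is written to the file; add a sentence stating that one of 0, 1 or 2 is written to the file. The mode 0 description also leaves capability handling unstated, while modes 1 and 2 both spell out whether CAP_SYS_PTRACE overrides the check, so a reader cannot tell from this text what a CAP_SYS_PTRACE holder is allowed under the default policy; state that explicitly for mode 0 as well. Wording: "overriden" should be "overridden" in both the mode 1 and mode 2 descriptions, and "needs to have a read access on object" reads better as "needs read access to the object".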