Lines Matching +full:state +full:- +full:labels
7 - The Elevator, from Dark Star
21 - The kernel
22 - Basic utilities, which are helpful but not required
23 - Configuration data
41 git://github.com/smack-team/smack.git
77 Smack uses extended attributes (xattrs) to store labels on filesystem
120 # attr -S -s SMACK64 -V "value" path
121 # chsmack -a value path
128 in the smackfs filesystem. This pseudo-filesystem is mounted
153 change-rule
162 "rwxat-". If a rule for a given subject and object exists it will be
179 "level-3-cats-5-19 3 2 5 19"
191 "level-3-cats-5-19 3 2 5 19"
212 If label is "-DELETE" a matched entry will be deleted.
225 string may contain only the characters "rwxat-", and specifies
226 which sort of access is allowed. The "-" is a placeholder for
227 permissions that are not allowed. The string "r-x--" would
228 specify read and execute access. Labels are limited to 23
240 string may contain only the characters "rwxat-", and specifies
241 which sort of access is allowed. The "-" is a placeholder for
242 permissions that are not allowed. The string "r-x--" would
245 load-self
246 Provided for backward compatibility. The load-self2 interface
254 load-self2
262 This contains the Smack logging state.
278 If the label specified is "-CIPSO" the address is treated
282 This contains labels processes must have for CAP_MAC_ADMIN
285 label. The values are set by writing the desired labels, separated
286 by spaces, to the file or cleared by writing "-" to the file.
291 0 - default:
294 object. For the ``PTRACE_ATTACH`` a read-write access is required.
296 1 - exact:
298 only allowed when subject's and object's labels are equal.
301 2 - draconian:
305 revoke-subject
306 Writing a Smack label here sets the access to '-' for all access
317 relabel-self
318 This interface contains a list of labels to which the process can
322 ``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.
325 The values are set by writing the desired labels, separated
326 by spaces, to the file or cleared by writing "-" to the file.
337 Look for additional programs on http://schaufler-ca.com
343 casey@schaufler-ca.com
346 ------------------------
359 ---------------
369 -----------------------
380 -----
391 -----------------
432 ------------
435 on what subjects can access which objects, based on the labels attached to
438 Labels section in Smack Basics
441 Smack labels are ASCII character strings. They can be up to 255 characters
442 long, but keeping them to twenty-three characters is recommended.
443 Single character labels using special characters, that being anything
445 team. Smack labels are unstructured, case sensitive, and the only operation
446 ever performed on them is comparison for equality. Smack labels cannot
448 (quote) and '"' (double-quote) characters.
449 Smack labels cannot begin with a '-'. This is reserved for special options.
451 There are some predefined labels::
499 different labels is desired. One example is the familiar spy model of
503 mechanism for specifying rules allowing access between labels.
510 subject-label object-label access
512 Where subject-label is the Smack label of the task, object-label is the Smack
522 b: indicates that the rule should be reported for bring-up.
534 Closed Off -
542 Spaces are not allowed in labels. Since a subject always has access to files
544 valid letters (rwxatbRWXATB) and the dash ('-') character are allowed in
545 access specifications. The dash is a placeholder, so "a-r" is the same
573 for two processes with different labels to share data without granting
585 tasks with identical Smack labels and requires no access checks.
597 immediately. For any pair of subject and object labels there can be only
641 label values to match the Smack labels being used without administrative
674 The mapping of Smack labels to CIPSO values is defined by writing to
716 A special label '@' and an option '-CIPSO' can be used there::
719 -CIPSO means standard CIPSO networking
723 echo 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
729 echo 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
730 echo 192.168.0.0/16 -CIPSO > /sys/fs/smackfs/netlabel
734 ------------------------------
741 ---------------------------
749 ---------------------------
756 ----------------------------
761 to processes running with various labels.
764 ----------------------
766 Smack maintains labels on file system objects using extended attributes. The
782 -----------------
801 --------------
815 all labels set on the filesystem. Not yet enforced.
818 specifies a label to which all labels set on the
828 --------------
846 ------------