summaryrefslogtreecommitdiffstats
path: root/Documentation/security
diff options
context:
space:
mode:
authorRafal Krypa <r.krypa@samsung.com>2012-07-11 17:49:30 +0200
committerCasey Schaufler <casey@schaufler-ca.com>2012-09-18 09:50:52 -0700
commit449543b0436a9146b855aad39eab76ae4853e88d (patch)
tree1b430fec0506e78929cfd944972d7dd49d0f76fd /Documentation/security
parentc00bedb368ae02a066aed8a888afc286c1df2e60 (diff)
downloadlinux-449543b0436a9146b855aad39eab76ae4853e88d.tar.bz2
Smack: implement revoking all rules for a subject label
Add /smack/revoke-subject special file. Writing a SMACK label to this file will set the access to '-' for all access rules with that subject label. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r--Documentation/security/Smack.txt3
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index a416479b8a1c..e68536d85680 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -194,6 +194,9 @@ onlycap
these capabilities are effective at for processes with any
label. The value is set by writing the desired label to the
file or cleared by writing "-" to the file.
+revoke-subject
+ Writing a Smack label here sets the access to '-' for all access
+ rules with that subject label.
You can add access rules in /etc/smack/accesses. They take the form: