Lines Matching +full:attribute +full:- +full:sets
7 - The Elevator, from Dark Star
21 - The kernel
22 - Basic utilities, which are helpful but not required
23 - Configuration data
41 git://github.com/smack-team/smack.git
47 display or set Smack extended attribute values
78 objects. The attributes are stored in the extended attribute security
91 this attribute set will run with this attribute's value.
96 with the label contained in this attribute. This is a very
100 Can only have the value "TRUE". If this attribute is present
106 the SMACK64TRANSMUTE attribute is set as well.
109 This attribute is only available on file descriptors for sockets.
110 Use the Smack label in this attribute for access control
114 This attribute is only available on file descriptors for sockets.
115 Use the Smack label in this attribute for access control
120 # attr -S -s SMACK64 -V "value" path
121 # chsmack -a value path
128 in the smackfs filesystem. This pseudo-filesystem is mounted
153 change-rule
162 "rwxat-". If a rule for a given subject and object exists it will be
179 "level-3-cats-5-19 3 2 5 19"
191 "level-3-cats-5-19 3 2 5 19"
212 If label is "-DELETE" a matched entry will be deleted.
225 string may contain only the characters "rwxat-", and specifies
226 which sort of access is allowed. The "-" is a placeholder for
227 permissions that are not allowed. The string "r-x--" would
240 string may contain only the characters "rwxat-", and specifies
241 which sort of access is allowed. The "-" is a placeholder for
242 permissions that are not allowed. The string "r-x--" would
245 load-self
246 Provided for backward compatibility. The load-self2 interface
254 load-self2
278 If the label specified is "-CIPSO" the address is treated
286 by spaces, to the file or cleared by writing "-" to the file.
291 0 - default:
294 object. For the ``PTRACE_ATTACH`` a read-write access is required.
296 1 - exact:
301 2 - draconian:
305 revoke-subject
306 Writing a Smack label here sets the access to '-' for all access
317 relabel-self
326 by spaces, to the file or cleared by writing "-" to the file.
337 Look for additional programs on http://schaufler-ca.com
343 casey@schaufler-ca.com
346 ------------------------
359 ---------------
369 -----------------------
380 -----
391 -----------------
432 ------------
442 long, but keeping them to twenty-three characters is recommended.
448 (quote) and '"' (double-quote) characters.
449 Smack labels cannot begin with a '-'. This is reserved for special options.
510 subject-label object-label access
512 Where subject-label is the Smack label of the task, object-label is the Smack
522 b: indicates that the rule should be reported for bring-up.
534 Closed Off -
544 valid letters (rwxatbRWXATB) and the dash ('-') character are allowed in
545 access specifications. The dash is a placeholder, so "a-r" is the same
576 IPC objects, message queues, semaphore sets, and memory segments exist in flat
601 Task Attribute
609 File Attribute
612 The Smack label of a filesystem object is stored as an extended attribute
613 named SMACK64 on the file. This attribute is in the security namespace. It can
662 Smack does not expect the level or category sets to be related in any
716 A special label '@' and an option '-CIPSO' can be used there::
719 -CIPSO means standard CIPSO networking
723 echo 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
729 echo 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
730 echo 192.168.0.0/16 -CIPSO > /sys/fs/smackfs/netlabel
734 ------------------------------
741 ---------------------------
749 ---------------------------
756 ----------------------------
764 ----------------------
782 -----------------
801 --------------
807 the Smack label extended attribute.
811 file system if it lacks the Smack extended attribute.
823 sets the transmute flag on the root of the mount
828 --------------
846 ------------