Lines Matching +full:self +full:- +full:working +full:- +full:mode

7     - The Elevator, from Dark Star
21 - The kernel
22 - Basic utilities, which are helpful but not required
23 - Configuration data
41 git://github.com/smack-team/smack.git
103 to the directory includes the transmute ("t") mode the object
120 # attr -S -s SMACK64 -V "value" path
121 # chsmack -a value path
124 reading ``/proc/self/attr/current``. A process with ``CAP_MAC_ADMIN``
128 in the smackfs filesystem. This pseudo-filesystem is mounted
153 change-rule
162 "rwxat-". If a rule for a given subject and object exists it will be
179 "level-3-cats-5-19 3 2 5 19"
191 "level-3-cats-5-19 3 2 5 19"
212 If label is "-DELETE" a matched entry will be deleted.
225 string may contain only the characters "rwxat-", and specifies
226 which sort of access is allowed. The "-" is a placeholder for
227 permissions that are not allowed. The string "r-x--" would
240 string may contain only the characters "rwxat-", and specifies
241 which sort of access is allowed. The "-" is a placeholder for
242 permissions that are not allowed. The string "r-x--" would
245 load-self
246 Provided for backward compatibility. The load-self2 interface
254 load-self2
278 If the label specified is "-CIPSO" the address is treated
286 by spaces, to the file or cleared by writing "-" to the file.
291 0 - default:
294 object. For the ``PTRACE_ATTACH`` a read-write access is required.
296 1 - exact:
301 2 - draconian:
305 revoke-subject
306 Writing a Smack label here sets the access to '-' for all access
317 relabel-self
319 transition to, by writing to ``/proc/self/attr/current``.
326 by spaces, to the file or cleared by writing "-" to the file.
337 Look for additional programs on http://schaufler-ca.com
343 casey@schaufler-ca.com
346 ------------------------
359 ---------------
369 -----------------------
380 -----
391 -----------------
432 ------------
442 long, but keeping them to twenty-three characters is recommended.
448 (quote) and '"' (double-quote) characters.
449 Smack labels cannot begin with a '-'. This is reserved for special options.
468 access mode may not be obvious. These include:
500 sensitivity, where a scientist working on a highly classified project would be
510 subject-label object-label access
512 Where subject-label is the Smack label of the task, object-label is the Smack
522 b: indicates that the rule should be reported for bring-up.
525 Access mode specifications can be in any order. Examples of acceptable rules
534 Closed Off -
544 valid letters (rwxatbRWXATB) and the dash ('-') character are allowed in
545 access specifications. The dash is a placeholder, so "a-r" is the same
559 and devices require access permissions that closely match those used by mode
605 process can read its own Smack label from /proc/self/attr/current. A
607 /proc/self/attr/current but not the label of another process.
716 A special label '@' and an option '-CIPSO' can be used there::
719 -CIPSO means standard CIPSO networking
723 echo 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
729 echo 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
730 echo 192.168.0.0/16 -CIPSO > /sys/fs/smackfs/netlabel
734 ------------------------------
741 ---------------------------
749 ---------------------------
756 ----------------------------
764 ----------------------
782 -----------------
801 --------------
828 --------------
845 Bringup Mode
846 ------------
848 Bringup mode provides logging features that can make application
851 mode is enabled accesses that succeed due to rules marked with the "b"
852 access mode will be logged. When a new label is introduced for processes
856 Another feature of bringup mode is the "unconfined" option. Writing