Lines Matching refs:to
3 "Good for you, you've decided to clean the elevator!"
11 available for Linux. Those new to Mandatory Access Control
12 are encouraged to compare Smack with the other mechanisms
13 available to determine which is best suited to the problem
25 It is safe to run a Smack kernel under a "vanilla" distribution.
29 access to systems that use them as Smack does.
41 to an object with another
46 smackload - properly formats data for writing to smackfs/load
47 smackcipso - properly formats data for writing to smackfs/cipso
55 Add this line to /etc/fstab:
61 Smack uses extended attributes (xattrs) to store labels on filesystem
63 name space. A process must have CAP_MAC_ADMIN to change any of these
69 Used to make access control decisions. In almost all cases
70 the label given to a new filesystem object will be the label
76 Don't allow the file to be mmapped by a process whose Smack
77 label does not allow all of the access permitted to a process
84 to the directory includes the transmute ("t") mode the object
91 decisions on packets being delivered to this socket.
97 There are multiple ways to set a Smack label on a file:
106 Most Smack configuration is accomplished by writing to files
112 Smack label has a particular access to an object with a
113 specified Smack label. Write a fixed format access rule to
119 Smack label has a particular access to an object with a
120 specified Smack label. Write a long format access rule to
125 This contains the Smack label applied to unlabeled network
132 object label, the third the access to allow and the fourth the
133 access to deny. The access strings may contain only the characters
139 This interface allows a specific CIPSO header to be assigned
140 to a Smack label. The format accepted on write is:
143 the level to use. The second number is the number of categories.
147 This interface allows a specific CIPSO header to be assigned
148 to a Smack label. The format accepted on write is:
151 the level to use. The second number is the number of categories.
161 This interface allows access control rules in addition to
162 the system defined rules to be specified. The format accepted
170 specify read and execute access. Labels are limited to 23
173 This interface allows access control rules in addition to
174 the system defined rules to be specified. The format accepted
184 This interface allows process specific access rules to be
186 otherwise be permitted, and are intended to provide additional
190 This interface allows process specific access rules to be
192 otherwise be permitted, and are intended to provide additional
201 This interface allows specific internet addresses to be
202 treated as single label hosts. Packets are sent to single
204 that have Smack write access to the host label. All packets
210 and CAP_MAC_OVERRIDE to be effective. If this file is empty
212 label. The value is set by writing the desired label to the
213 file or cleared by writing "-" to the file.
215 This is used to define the current ptrace policy
217 For the PTRACE_READ a subject needs to have a read access on
225 Writing a Smack label here sets the access to '-' for all access
254 Computer systems employ a variety of schemes to constrain how information is
256 allow the program or user to decide what other programs or users are allowed
257 access to pieces of data. These schemes are called discretionary access
260 program can access up to users or programs. These schemes are called mandatory
262 or programs that have access to pieces of data.
271 often sited as failing to address general needs.
278 of popular Linux distributions. The administrative overhead required to
280 necessary to provide a secure domain mapping leads to the scheme being
285 Smack is a Mandatory Access Control mechanism designed to provide useful MAC
288 according to the requirements of the system and its purpose rather than those
295 The jargon used to talk about Smack will be familiar to those who have dealt
296 with other MAC systems and shouldn't be too difficult for the uninitiated to
307 Access: Any attempt by a subject to put information into or get
314 community. There are also some terms from Linux that are likely to crop up:
316 Capability: A task that possesses a capability has permission to
322 Privilege: A task that is allowed to violate the system security
323 policy is said to have privilege. As of this writing a task can
329 Smack is an extension to a Linux system. It enforces additional restrictions
330 on what subjects can access which objects, based on the labels attached to
335 Smack labels are ASCII character strings. They can be up to 255 characters
336 long, but keeping them to twenty-three characters is recommended.
363 Signals: A signal is a write operation from the subject task to
366 write operation from the source task to the destination task.
368 Smack restricts access based on the label attached to a subject and the label
369 attached to the object it is trying to access. The rules enforced are, in
387 many interesting cases where limited access by subjects to objects with
390 able to read documents of lower classifications and anything she writes will
430 Spaces are not allowed in labels. Since a subject always has access to files
434 as "ar". A lone dash is used to specify that no access should be allowed.
441 access control models is not one of them. Smack strives to treat accesses as
450 file requires read and write access to the file and to the containing
451 directory. It is possible that a user may be able to see that a file exists
452 but not any of its attributes by the circumstance of having read access to the
453 containing directory but not to the differently labeled file. This is an
457 access rule that allows a process to create an object in that directory
458 includes 't' access the label assigned to the new object will be that
460 for two processes with different labels to share data without granting
461 access to all of their files.
464 namespaces and access requests are only required to match the object in
467 Process objects reflect tasks on the system and the Smack label used to access
470 from the signaler to the recipient. Debugging a process requires both reading
474 Sockets are data structures attached to processes and sending a packet from
475 one process to another requires that the sender have write access to the
476 receiver. The receiver is not required to have read access to the sender.
480 The configuration file /etc/smack/accesses contains the rules to be set at
481 system startup. The contents are written to the special file
491 privileged process can change its own Smack label by writing to
503 CAP_MAC_OVERRIDE allows the process access to objects it would
504 be denied otherwise. CAP_MAC_ADMIN allows a process to change
511 label. This is done by adding a CIPSO tag to the header of the IP packet. Each
512 packet received is expected to have a CIPSO tag that identifies the label and
514 is delivered a check is made to determine that a subject with the label on the
515 packet has write access to the receiving process and if that is not the case
520 It is normally unnecessary to specify the CIPSO configuration. The default
522 label values to match the Smack labels being used without administrative
530 and a category set with each packet. The DOI is intended to identify a group
534 /sys/fs/smackfs/doi and can be changed by writing to /sys/fs/smackfs/doi.
536 The label and category set are mapped to a Smack label as defined in
543 Smack does not expect the level or category sets to be related in any
555 The mapping of Smack labels to CIPSO values is defined by writing to
558 In addition to explicit mappings Smack supports direct CIPSO mappings. One
559 CIPSO level is used to indicate that the category set passed in the packet is
561 value can be read from /sys/fs/smackfs/direct and changed by writing to
571 program that will enforce policy may set this to the star label.
574 A privileged program may set this to match the label of another
575 task with which it hopes to communicate.
579 You will often find that your labeled application has to talk to the outside,
585 It means that your application will have unlabeled access to @IP1 if it has
586 write access on LABEL1, and access to the subnet @IP2/MASK if it has write
593 @ means Internet, any application with any label has access to it
596 If you don't know what CIPSO is and don't plan to use it, you can just do :
610 application interacts with Smack will determine what it will have to do to
615 By far the majority of applications have no reason whatever to care about the
617 Smack label associated with the process the only concern likely to arise is
618 whether the process has execute access to the program.
631 to processes running with various labels.
647 will set the Smack label of /foo to "Rubble" if the program has appropriate
672 smackfsdef=label: specifies the label to give files that lack
675 smackfsroot=label: specifies the label to assign the root of the
678 smackfshat=label: specifies a label that must have read access to
681 smackfsfloor=label: specifies a label to which all labels set on the
684 These mount options apply to all file system types.
688 If you want Smack auditing of security events, you need to set CONFIG_AUDIT
691 writing a single character to the /sys/fs/smackfs/logging file :
706 CONFIG_SECURITY_SMACK_BRINGUP to enable these features. When bringup
707 mode is enabled accesses that succeed due to rules marked with the "b"
713 a label to /sys/fs/smackfs/unconfined makes subjects with that label
714 able to access any object, and objects with that label accessible to