authorLukasz Pawelczyk <l.pawelczyk@partner.samsung.com>2014-03-11 17:07:06 +0100
committerCasey Schaufler <casey@schaufler-ca.com>2014-04-11 14:34:35 -0700
commit668678185247303450e60df14569f94cf5775fea (patch)
tree2f2b77d7a2769745699e48685c9dbf26d8dd0c98 /security/smack/smack.h
parentSmack: unify all ptrace accesses in the smack (diff)
Smack: adds smackfs/ptrace interface
This allows ptrace to be limited beyond the regular smack access rules. It adds a smackfs/ptrace interface that allows smack to be configured to require equal smack labels for PTRACE_MODE_ATTACH access. See the changes in Documentation/security/Smack.txt below for details. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r--security/smack/smack.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index b9dfc4e1d3e0..fade085b1128 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -177,6 +177,14 @@ struct smk_port_label {
#define SMACK_CIPSO_MAXCATNUM 184 /* 23 * 8 */
/*
+ * Ptrace rules
+ */
+#define SMACK_PTRACE_DEFAULT 0
+#define SMACK_PTRACE_EXACT 1
+#define SMACK_PTRACE_DRACONIAN 2
+#define SMACK_PTRACE_MAX SMACK_PTRACE_DRACONIAN
+
+/*
* Flags for untraditional access modes.
* It shouldn't be necessary to avoid conflicts with definitions
* in fs.h, but do so anyway.
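Review bot: The three `SMACK_PTRACE_*` values are introduced under a bare `Ptrace rules` comment, so the header does not say what each mode enforces or that they appear to be ordered by strictness up to `SMACK_PTRACE_MAX`. Because these values select how permissive ptrace attach is, each should carry a short comment, for example `#define SMACK_PTRACE_DEFAULT 0 /* regular Smack access rules */` and `#define SMACK_PTRACE_EXACT 1 /* PTRACE_MODE_ATTACH requires equal labels */`, following the commit message. What `SMACK_PTRACE_DRACONIAN` adds over `SMACK_PTRACE_EXACT` cannot be told from this file, and its comment should state that difference rather than leave it to Documentation/security/Smack.txt. The "Flags for untraditional access modes" comment that follows continues outside the hunk.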
@@ -245,6 +253,7 @@ extern struct smack_known *smack_net_ambient;
extern struct smack_known *smack_onlycap;
extern struct smack_known *smack_syslog_label;
extern const char *smack_cipso_option;
+extern int smack_ptrace_rule;
extern struct smack_known smack_known_floor;
extern struct smack_known smack_known_hat;
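Review bot: `smack_ptrace_rule` is declared as a signed `int` while the header defines only an upper bound (`SMACK_PTRACE_MAX`), so a writer that checks just `> SMACK_PTRACE_MAX` would accept a negative value. The smackfs/ptrace write handler is not part of this path-limited diff, so this may already be handled there; it should reject anything outside `SMACK_PTRACE_DEFAULT`..`SMACK_PTRACE_MAX`, and code that reads the variable is safest treating an unexpected value as the strictest rule. A comment on the declaration would record the contract: `extern int smack_ptrace_rule; /* SMACK_PTRACE_* value, set through smackfs/ptrace */`.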