Smack: Lock mode for the floor and hat labels - linux-dev - Linux kernel development work

diff options

author	Casey Schaufler <casey@schaufler-ca.com>	2014-10-09 16:18:55 -0700
committer	Casey Schaufler <casey@schaufler-ca.com>	2014-10-28 08:22:40 -0700
commit	6c892df2686c5611979792aaa4ddea9ee9f18749 (patch)
tree	58f14443be31f7e5249419d46b9bf6dc740fb970 /security/smack/smack_lsm.c
parent	integrity: do zero padding of the key id (diff)
download	linux-dev-6c892df2686c5611979792aaa4ddea9ee9f18749.tar.xz linux-dev-6c892df2686c5611979792aaa4ddea9ee9f18749.zip

Smack: Lock mode for the floor and hat labels

The lock access mode allows setting a read lock on a file for with the process has only read access. The floor label is defined to make it easy to have the basic system installed such that everyone can read it. Once there's a desire to read lock (rationally or otherwise) a floor file a rule needs to get set. This happens all the time, so make the floor label a little bit more special and allow everyone lock access, too. By implication, give processes with the hat label (hat can read everything) lock access as well. This reduces clutter in the Smack rule set. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Diffstat (limited to 'security/smack/smack_lsm.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: