author | David Howells <dhowells@redhat.com> | 2010-02-25 12:52:57 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2010-02-25 12:52:57 +0000 |
commit | 641e49724780cb1de46d9d431bd4152890f78a3a (patch) | |
tree | e6157924eeba457d6392ed5b5a4f0a8e4eb3069a | |
parent | a1e0c562d83f721c7defd685dbcfd6013577b46b (diff) | |
download | cachefilesd-641e49724780cb1de46d9d431bd4152890f78a3a.tar.gz |
Document the 'secctx' option
Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r-- | cachefilesd.conf.5 | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/cachefilesd.conf.5 b/cachefilesd.conf.5 index f3b8933..4535b13 100644 --- a/cachefilesd.conf.5 +++ b/cachefilesd.conf.5 @@ -29,6 +29,12 @@ only specified once per configuration file. .P All the other commands are optional: .TP +.B secctx <label> +Specify an LSM security context as which the kernel will perform operations to +access the cache. The default is to use cachefilesd's security context. Files +will be created in the cache with the label of directory specified to the 'dir' +command. +.TP .B brun <N>% .TP .B bcull <N>% @@ -88,6 +94,8 @@ As an example, consider the following: .RS dir /var/fscache .br +secctx cachefiles_kernel_t +.br tag mycache .br brun 10% 
@@ -95,14 +103,21 @@ brun 10% bcull 7% .br bstop 3% +.br +secctx system_u:system_r:cachefiles_kernel_t:s0 .RE .P -The places the cache storage objects in a directory called "/var/fscache", names -the cache "mycache", permits the cache to run freely as long as there's at -least 10% free space on /var/fscache/, starts culling the cache when the free -space drops below 7% and stops writing new stuff into the cache if the amount -of free space drops below 3%. If the cache is suspended, it won't reactivate -until the amount of free space rises again to 10% or better. +This places the cache storage objects in a directory called "/var/fscache", +names the cache "mycache", permits the cache to run freely as long as there's +at least 10% free space on /var/fscache/, starts culling the cache when the +free space drops below 7% and stops writing new stuff into the cache if the +amount of free space drops below 3%. If the cache is suspended, it won't +reactivate until the amount of free space rises again to 10% or better. +.P +Furthermore, this will tell the kernel module the security context it should +use when accessing the cache (SELinux is assumed to be the LSM in this +example). In this case, SELinux would use cachefiles_kernel_t as the key into +the policy. .SH CACHE CULLING .P The cache may need culling occasionally to make space. This involves |
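Review bot: in the first hunk (@@ -29,6 +29,12), the new ".B secctx <label>" entry never says what form <label> takes, yet the example added later in this patch uses both a bare type (cachefiles_kernel_t) and a full context (system_u:system_r:cachefiles_kernel_t:s0). State the accepted form in this entry. Two wording points in the same entry: "with the label of directory specified" is missing "the" before "directory", and "an LSM security context as which the kernel will perform operations to access the cache" would read more clearly as "the LSM security context the kernel will use when accessing the cache".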
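Review bot: in the second hunk (@@ -88,6 +94,8), "secctx cachefiles_kernel_t" is added after "dir /var/fscache", but the next hunk adds a second secctx line with a different value at the end of the same example. A reader cannot tell from the page which of the two takes effect or whether the command may be repeated. Keep a single secctx line in the example, written in the form the entry for the command documents.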
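Review bot: in the third hunk (@@ -95,14 +103,21), the added paragraph says SELinux would use cachefiles_kernel_t as the key into the policy, while the example line above it gives the full context system_u:system_r:cachefiles_kernel_t:s0. Say explicitly that the type field of that context is what is meant. Since the example sets both "dir" and "secctx", the paragraph could also repeat the point from the secctx entry that files created in the cache take the label of the "dir" directory rather than this context.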