€•      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ)/translations/zh_CN/admin-guide/LSM/Smack”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ)/translations/zh_TW/admin-guide/LSM/Smack”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ)/translations/it_IT/admin-guide/LSM/Smack”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ)/translations/ja_JP/admin-guide/LSM/Smack”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ)/translations/ko_KR/admin-guide/LSM/Smack”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ)/translations/sp_SP/admin-guide/LSM/Smack”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒSmack”h]”hŒSmack”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒC/var/lib/git/docbuild/linux/Documentation/admin-guide/LSM/Smack.rst”h KubhŒblock_quote”“”)”}”(hŒU"Good for you, you've decided to clean the elevator!"
- The Elevator, from Dark Star
”h]”hŒ	paragraph”“”)”}”(hŒT"Good for you, you've decided to clean the elevator!"
- The Elevator, from Dark Star”h]”hŒZâ€œGood for you, youâ€™ve decided to clean the elevator!â€
- The Elevator, from Dark Star”…””}”(hh¿hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khh¹ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¾)”}”(hŒ±Smack is the Simplified Mandatory Access Control Kernel.
Smack is a kernel based implementation of mandatory access
control that includes simplicity in its primary design goals.”h]”hŒ±Smack is the Simplified Mandatory Access Control Kernel.
Smack is a kernel based implementation of mandatory access
control that includes simplicity in its primary design goals.”…””}”(hhÓhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K	hh£hžhubh¾)”}”(hŒîSmack is not the only Mandatory Access Control scheme
available for Linux. Those new to Mandatory Access Control
are encouraged to compare Smack with the other mechanisms
available to determine which is best suited to the problem
at hand.”h]”hŒîSmack is not the only Mandatory Access Control scheme
available for Linux. Those new to Mandatory Access Control
are encouraged to compare Smack with the other mechanisms
available to determine which is best suited to the problem
at hand.”…””}”(hháhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khh£hžhubh¾)”}”(hŒ)Smack consists of three major components:”h]”hŒ)Smack consists of three major components:”…””}”(hhïhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khh£hžhubh¸)”}”(hŒX- The kernel
- Basic utilities, which are helpful but not required
- Configuration data
”h]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ
The kernel”h]”h¾)”}”(hj
  h]”hŒ
The kernel”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒ3Basic utilities, which are helpful but not required”h]”h¾)”}”(hj!  h]”hŒ3Basic utilities, which are helpful but not required”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒConfiguration data
”h]”h¾)”}”(hŒConfiguration data”h]”hŒConfiguration data”…””}”(hj:  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j  hŸh¶h Khhýubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¾)”}”(hX   The kernel component of Smack is implemented as a Linux
Security Modules (LSM) module. It requires netlabel and
works best with file systems that support extended attributes,
although xattr support is not strictly required.
It is safe to run a Smack kernel under a "vanilla" distribution.”h]”hX$  The kernel component of Smack is implemented as a Linux
Security Modules (LSM) module. It requires netlabel and
works best with file systems that support extended attributes,
although xattr support is not strictly required.
It is safe to run a Smack kernel under a â€œvanillaâ€ distribution.”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khh£hžhubh¾)”}”(hŒSmack kernels use the CIPSO IP option. Some network
configurations are intolerant of IP options and can impede
access to systems that use them as Smack does.”h]”hŒSmack kernels use the CIPSO IP option. Some network
configurations are intolerant of IP options and can impede
access to systems that use them as Smack does.”…””}”(hjj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khh£hžhubh¾)”}”(hŒSmack is used in the Tizen operating system. Please
go to http://wiki.tizen.org for information about how
Smack is used in Tizen.”h]”(hŒ:Smack is used in the Tizen operating system. Please
go to ”…””}”(hjx  hžhhŸNh NubhŒ	reference”“”)”}”(hŒhttp://wiki.tizen.org”h]”hŒhttp://wiki.tizen.org”…””}”(hj‚  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j„  uh1j€  hjx  ubhŒ2 for information about how
Smack is used in Tizen.”…””}”(hjx  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K#hh£hžhubh¾)”}”(hŒ3The current git repository for Smack user space is:”h]”hŒ3The current git repository for Smack user space is:”…””}”(hj›  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K'hh£hžhubh¸)”}”(hŒ&git://github.com/smack-team/smack.git
”h]”h¾)”}”(hŒ%git://github.com/smack-team/smack.git”h]”hŒ%git://github.com/smack-team/smack.git”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K)hj©  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K)hh£hžhubh¾)”}”(hŒiThis should make and install on most modern distributions.
There are five commands included in smackutil:”h]”hŒiThis should make and install on most modern distributions.
There are five commands included in smackutil:”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K+hh£hžhubhŒdefinition_list”“”)”}”(hhh]”(hŒdefinition_list_item”“”)”}”(hŒ8chsmack:
display or set Smack extended attribute values
”h]”(hŒterm”“”)”}”(hŒchsmack:”h]”hŒchsmack:”…””}”(hjÜ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K/hjÖ  ubhŒ
definition”“”)”}”(hhh]”h¾)”}”(hŒ.display or set Smack extended attribute values”h]”hŒ.display or set Smack extended attribute values”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K/hjì  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÖ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K/hjÑ  ubjÕ  )”}”(hŒ&smackctl:
load the Smack access rules
”h]”(jÛ  )”}”(hŒ	smackctl:”h]”hŒ	smackctl:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K2hj	  ubjë  )”}”(hhh]”h¾)”}”(hŒload the Smack access rules”h]”hŒload the Smack access rules”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K2hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K2hjÑ  hžhubjÕ  )”}”(hŒUsmackaccess:
report if a process with one label has access
to an object with another
”h]”(jÛ  )”}”(hŒsmackaccess:”h]”hŒsmackaccess:”…””}”(hj<  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K6hj8  ubjë  )”}”(hhh]”h¾)”}”(hŒGreport if a process with one label has access
to an object with another”h]”hŒGreport if a process with one label has access
to an object with another”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K5hjJ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj8  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K6hjÑ  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hh£hžhhŸh¶h Nubh¾)”}”(hŒiThese two commands are obsolete with the introduction of
the smackfs/load2 and smackfs/cipso2 interfaces.”h]”hŒiThese two commands are obsolete with the introduction of
the smackfs/load2 and smackfs/cipso2 interfaces.”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K8hh£hžhubjÐ  )”}”(hhh]”(jÕ  )”}”(hŒ=smackload:
properly formats data for writing to smackfs/load
”h]”(jÛ  )”}”(hŒ
smackload:”h]”hŒ
smackload:”…””}”(hj‚  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K<hj~  ubjë  )”}”(hhh]”h¾)”}”(hŒ1properly formats data for writing to smackfs/load”h]”hŒ1properly formats data for writing to smackfs/load”…””}”(hj“  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K<hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj~  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K<hj{  ubjÕ  )”}”(hŒ?smackcipso:
properly formats data for writing to smackfs/cipso
”h]”(jÛ  )”}”(hŒsmackcipso:”h]”hŒsmackcipso:”…””}”(hj±  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K?hj­  ubjë  )”}”(hhh]”h¾)”}”(hŒ2properly formats data for writing to smackfs/cipso”h]”hŒ2properly formats data for writing to smackfs/cipso”…””}”(hjÂ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K?hj¿  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj­  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K?hj{  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hh£hžhhŸh¶h Nubh¾)”}”(hX  In keeping with the intent of Smack, configuration data is
minimal and not strictly required. The most important
configuration step is mounting the smackfs pseudo filesystem.
If smackutil is installed the startup script will take care
of this, but it can be manually as well.”h]”hX  In keeping with the intent of Smack, configuration data is
minimal and not strictly required. The most important
configuration step is mounting the smackfs pseudo filesystem.
If smackutil is installed the startup script will take care
of this, but it can be manually as well.”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KAhh£hžhubh¾)”}”(hŒ!Add this line to ``/etc/fstab``::”h]”(hŒAdd this line to ”…””}”(hjð  hžhhŸNh NubhŒliteral”“”)”}”(hŒ``/etc/fstab``”h]”hŒ
/etc/fstab”…””}”(hjú  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjð  ubhŒ:”…””}”(hjð  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KGhh£hžhubhŒliteral_block”“”)”}”(hŒ,smackfs /sys/fs/smackfs smackfs defaults 0 0”h]”hŒ,smackfs /sys/fs/smackfs smackfs defaults 0 0”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1j  hŸh¶h KIhh£hžhubh¾)”}”(hŒ;The ``/sys/fs/smackfs`` directory is created by the kernel.”h]”(hŒThe ”…””}”(hj$  hžhhŸNh Nubjù  )”}”(hŒ``/sys/fs/smackfs``”h]”hŒ/sys/fs/smackfs”…””}”(hj,  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj$  ubhŒ$ directory is created by the kernel.”…””}”(hj$  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KKhh£hžhubh¾)”}”(hŒàSmack uses extended attributes (xattrs) to store labels on filesystem
objects. The attributes are stored in the extended attribute security
name space. A process must have ``CAP_MAC_ADMIN`` to change any of these
attributes.”h]”(hŒ¬Smack uses extended attributes (xattrs) to store labels on filesystem
objects. The attributes are stored in the extended attribute security
name space. A process must have ”…””}”(hjD  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_ADMIN``”h]”hŒCAP_MAC_ADMIN”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjD  ubhŒ# to change any of these
attributes.”…””}”(hjD  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KMhh£hžhubh¾)”}”(hŒ,The extended attributes that Smack uses are:”h]”hŒ,The extended attributes that Smack uses are:”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KRhh£hžhubjÐ  )”}”(hhh]”(jÕ  )”}”(hŒ SMACK64
Used to make access control decisions. In almost all cases
the label given to a new filesystem object will be the label
of the process that created it.
”h]”(jÛ  )”}”(hŒSMACK64”h]”hŒSMACK64”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h KWhju  ubjë  )”}”(hhh]”h¾)”}”(hŒ—Used to make access control decisions. In almost all cases
the label given to a new filesystem object will be the label
of the process that created it.”h]”hŒ—Used to make access control decisions. In almost all cases
the label given to a new filesystem object will be the label
of the process that created it.”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KUhj‡  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hju  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h KWhjr  ubjÕ  )”}”(hŒSMACK64EXEC
The Smack label of a process that execs a program file with
this attribute set will run with this attribute's value.
”h]”(jÛ  )”}”(hŒSMACK64EXEC”h]”hŒSMACK64EXEC”…””}”(hj¨  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K[hj¤  ubjë  )”}”(hhh]”h¾)”}”(hŒtThe Smack label of a process that execs a program file with
this attribute set will run with this attribute's value.”h]”hŒvThe Smack label of a process that execs a program file with
this attribute set will run with this attributeâ€™s value.”…””}”(hj¹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KZhj¶  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj¤  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K[hjr  hžhubjÕ  )”}”(hŒéSMACK64MMAP
Don't allow the file to be mmapped by a process whose Smack
label does not allow all of the access permitted to a process
with the label contained in this attribute. This is a very
specific use case for shared libraries.
”h]”(jÛ  )”}”(hŒSMACK64MMAP”h]”hŒSMACK64MMAP”…””}”(hj×  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h KahjÓ  ubjë  )”}”(hhh]”h¾)”}”(hŒÜDon't allow the file to be mmapped by a process whose Smack
label does not allow all of the access permitted to a process
with the label contained in this attribute. This is a very
specific use case for shared libraries.”h]”hŒÞDonâ€™t allow the file to be mmapped by a process whose Smack
label does not allow all of the access permitted to a process
with the label contained in this attribute. This is a very
specific use case for shared libraries.”…””}”(hjè  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K^hjå  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÓ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kahjr  hžhubjÕ  )”}”(hX®  SMACK64TRANSMUTE
Can only have the value "TRUE". If this attribute is present
on a directory when an object is created in the directory and
the Smack rule (more below) that permitted the write access
to the directory includes the transmute ("t") mode the object
gets the label of the directory instead of the label of the
creating process. If the object being created is a directory
the SMACK64TRANSMUTE attribute is set as well.
”h]”(jÛ  )”}”(hŒSMACK64TRANSMUTE”h]”hŒSMACK64TRANSMUTE”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Kjhj  ubjë  )”}”(hhh]”h¾)”}”(hXœ  Can only have the value "TRUE". If this attribute is present
on a directory when an object is created in the directory and
the Smack rule (more below) that permitted the write access
to the directory includes the transmute ("t") mode the object
gets the label of the directory instead of the label of the
creating process. If the object being created is a directory
the SMACK64TRANSMUTE attribute is set as well.”h]”hX¤  Can only have the value â€œTRUEâ€. If this attribute is present
on a directory when an object is created in the directory and
the Smack rule (more below) that permitted the write access
to the directory includes the transmute (â€œtâ€) mode the object
gets the label of the directory instead of the label of the
creating process. If the object being created is a directory
the SMACK64TRANSMUTE attribute is set as well.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Kdhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kjhjr  hžhubjÕ  )”}”(hŒ¼SMACK64IPIN
This attribute is only available on file descriptors for sockets.
Use the Smack label in this attribute for access control
decisions on packets being delivered to this socket.
”h]”(jÛ  )”}”(hŒSMACK64IPIN”h]”hŒSMACK64IPIN”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Kohj1  ubjë  )”}”(hhh]”h¾)”}”(hŒ¯This attribute is only available on file descriptors for sockets.
Use the Smack label in this attribute for access control
decisions on packets being delivered to this socket.”h]”hŒ¯This attribute is only available on file descriptors for sockets.
Use the Smack label in this attribute for access control
decisions on packets being delivered to this socket.”…””}”(hjF  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KmhjC  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj1  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kohjr  hžhubjÕ  )”}”(hŒ¶SMACK64IPOUT
This attribute is only available on file descriptors for sockets.
Use the Smack label in this attribute for access control
decisions on packets coming from this socket.
”h]”(jÛ  )”}”(hŒSMACK64IPOUT”h]”hŒSMACK64IPOUT”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Kthj`  ubjë  )”}”(hhh]”h¾)”}”(hŒ¨This attribute is only available on file descriptors for sockets.
Use the Smack label in this attribute for access control
decisions on packets coming from this socket.”h]”hŒ¨This attribute is only available on file descriptors for sockets.
Use the Smack label in this attribute for access control
decisions on packets coming from this socket.”…””}”(hju  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Krhjr  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj`  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kthjr  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hh£hžhhŸh¶h Nubh¾)”}”(hŒ8There are multiple ways to set a Smack label on a file::”h]”hŒ7There are multiple ways to set a Smack label on a file:”…””}”(hj•  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Kvhh£hžhubj  )”}”(hŒ<# attr -S -s SMACK64 -V "value" path
# chsmack -a value path”h]”hŒ<# attr -S -s SMACK64 -V "value" path
# chsmack -a value path”…””}”hj£  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Kxhh£hžhubh¾)”}”(hŒ©A process can see the Smack label it is running with by
reading ``/proc/self/attr/current``. A process with ``CAP_MAC_ADMIN``
can set the process Smack by writing there.”h]”(hŒ@A process can see the Smack label it is running with by
reading ”…””}”(hj±  hžhhŸNh Nubjù  )”}”(hŒ``/proc/self/attr/current``”h]”hŒ/proc/self/attr/current”…””}”(hj¹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj±  ubhŒ. A process with ”…””}”(hj±  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_ADMIN``”h]”hŒCAP_MAC_ADMIN”…””}”(hjË  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj±  ubhŒ,
can set the process Smack by writing there.”…””}”(hj±  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K{hh£hžhubh¾)”}”(hŒ‘Most Smack configuration is accomplished by writing to files
in the smackfs filesystem. This pseudo-filesystem is mounted
on ``/sys/fs/smackfs``.”h]”(hŒ}Most Smack configuration is accomplished by writing to files
in the smackfs filesystem. This pseudo-filesystem is mounted
on ”…””}”(hjã  hžhhŸNh Nubjù  )”}”(hŒ``/sys/fs/smackfs``”h]”hŒ/sys/fs/smackfs”…””}”(hjë  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjã  ubhŒ.”…””}”(hjã  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Khh£hžhubjÐ  )”}”(hhh]”(jÕ  )”}”(hX±  access
Provided for backward compatibility. The access2 interface
is preferred and should be used instead.
This interface reports whether a subject with the specified
Smack label has a particular access to an object with a
specified Smack label. Write a fixed format access rule to
this file. The next read will indicate whether the access
would be permitted. The text will be either "1" indicating
access, or "0" indicating denial.
”h]”(jÛ  )”}”(hŒaccess”h]”hŒaccess”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K‹hj  ubjë  )”}”(hhh]”h¾)”}”(hX©  Provided for backward compatibility. The access2 interface
is preferred and should be used instead.
This interface reports whether a subject with the specified
Smack label has a particular access to an object with a
specified Smack label. Write a fixed format access rule to
this file. The next read will indicate whether the access
would be permitted. The text will be either "1" indicating
access, or "0" indicating denial.”h]”hX±  Provided for backward compatibility. The access2 interface
is preferred and should be used instead.
This interface reports whether a subject with the specified
Smack label has a particular access to an object with a
specified Smack label. Write a fixed format access rule to
this file. The next read will indicate whether the access
would be permitted. The text will be either â€œ1â€ indicating
access, or â€œ0â€ indicating denial.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K„hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K‹hj  ubjÕ  )”}”(hXM  access2
This interface reports whether a subject with the specified
Smack label has a particular access to an object with a
specified Smack label. Write a long format access rule to
this file. The next read will indicate whether the access
would be permitted. The text will be either "1" indicating
access, or "0" indicating denial.
”h]”(jÛ  )”}”(hŒaccess2”h]”hŒaccess2”…””}”(hj9  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K“hj5  ubjë  )”}”(hhh]”h¾)”}”(hXD  This interface reports whether a subject with the specified
Smack label has a particular access to an object with a
specified Smack label. Write a long format access rule to
this file. The next read will indicate whether the access
would be permitted. The text will be either "1" indicating
access, or "0" indicating denial.”h]”hXL  This interface reports whether a subject with the specified
Smack label has a particular access to an object with a
specified Smack label. Write a long format access rule to
this file. The next read will indicate whether the access
would be permitted. The text will be either â€œ1â€ indicating
access, or â€œ0â€ indicating denial.”…””}”(hjJ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KŽhjG  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj5  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K“hj  hžhubjÕ  )”}”(hŒLambient
This contains the Smack label applied to unlabeled network
packets.
”h]”(jÛ  )”}”(hŒambient”h]”hŒambient”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K—hjd  ubjë  )”}”(hhh]”h¾)”}”(hŒCThis contains the Smack label applied to unlabeled network
packets.”h]”hŒCThis contains the Smack label applied to unlabeled network
packets.”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K–hjv  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjd  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K—hj  hžhubjÕ  )”}”(hX]  change-rule
This interface allows modification of existing access control rules.
The format accepted on write is::

        "%s %s %s %s"

where the first string is the subject label, the second the
object label, the third the access to allow and the fourth the
access to deny. The access strings may contain only the characters
"rwxat-". If a rule for a given subject and object exists it will be
modified by enabling the permissions in the third string and disabling
those in the fourth string. If there is no such rule it will be
created using the access specified in the third and the fourth strings.
”h]”(jÛ  )”}”(hŒchange-rule”h]”hŒchange-rule”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K¥hj“  ubjë  )”}”(hhh]”(h¾)”}”(hŒfThis interface allows modification of existing access control rules.
The format accepted on write is::”h]”hŒeThis interface allows modification of existing access control rules.
The format accepted on write is:”…””}”(hj¨  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Kšhj¥  ubj  )”}”(hŒ"%s %s %s %s"”h]”hŒ"%s %s %s %s"”…””}”hj¶  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Khj¥  ubh¾)”}”(hXÑ  where the first string is the subject label, the second the
object label, the third the access to allow and the fourth the
access to deny. The access strings may contain only the characters
"rwxat-". If a rule for a given subject and object exists it will be
modified by enabling the permissions in the third string and disabling
those in the fourth string. If there is no such rule it will be
created using the access specified in the third and the fourth strings.”h]”hXÕ  where the first string is the subject label, the second the
object label, the third the access to allow and the fourth the
access to deny. The access strings may contain only the characters
â€œrwxat-â€. If a rule for a given subject and object exists it will be
modified by enabling the permissions in the third string and disabling
those in the fourth string. If there is no such rule it will be
created using the access specified in the third and the fourth strings.”…””}”(hjÄ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KŸhj¥  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj“  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K¥hj  hžhubjÕ  )”}”(hXØ  cipso
Provided for backward compatibility. The cipso2 interface
is preferred and should be used instead.
This interface allows a specific CIPSO header to be assigned
to a Smack label. The format accepted on write is::

        "%24s%4d%4d"["%4d"]...

The first string is a fixed Smack label. The first number is
the level to use. The second number is the number of categories.
The following numbers are the categories::

        "level-3-cats-5-19          3   2   5  19"
”h]”(jÛ  )”}”(hŒcipso”h]”hŒcipso”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K³hjÞ  ubjë  )”}”(hhh]”(h¾)”}”(hŒÓProvided for backward compatibility. The cipso2 interface
is preferred and should be used instead.
This interface allows a specific CIPSO header to be assigned
to a Smack label. The format accepted on write is::”h]”hŒÒProvided for backward compatibility. The cipso2 interface
is preferred and should be used instead.
This interface allows a specific CIPSO header to be assigned
to a Smack label. The format accepted on write is:”…””}”(hjó  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K¨hjð  ubj  )”}”(hŒ"%24s%4d%4d"["%4d"]...”h]”hŒ"%24s%4d%4d"["%4d"]...”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h K­hjð  ubh¾)”}”(hŒ¨The first string is a fixed Smack label. The first number is
the level to use. The second number is the number of categories.
The following numbers are the categories::”h]”hŒ§The first string is a fixed Smack label. The first number is
the level to use. The second number is the number of categories.
The following numbers are the categories:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K¯hjð  ubj  )”}”(hŒ*"level-3-cats-5-19          3   2   5  19"”h]”hŒ*"level-3-cats-5-19          3   2   5  19"”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h K³hjð  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÞ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K³hj  hžhubjÕ  )”}”(hXl  cipso2
This interface allows a specific CIPSO header to be assigned
to a Smack label. The format accepted on write is::

        "%s%4d%4d"["%4d"]...

The first string is a long Smack label. The first number is
the level to use. The second number is the number of categories.
The following numbers are the categories::

        "level-3-cats-5-19   3   2   5  19"
”h]”(jÛ  )”}”(hŒcipso2”h]”hŒcipso2”…””}”(hj;  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h K¿hj7  ubjë  )”}”(hhh]”(h¾)”}”(hŒpThis interface allows a specific CIPSO header to be assigned
to a Smack label. The format accepted on write is::”h]”hŒoThis interface allows a specific CIPSO header to be assigned
to a Smack label. The format accepted on write is:”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K¶hjI  ubj  )”}”(hŒ"%s%4d%4d"["%4d"]...”h]”hŒ"%s%4d%4d"["%4d"]...”…””}”hjZ  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h K¹hjI  ubh¾)”}”(hŒ§The first string is a long Smack label. The first number is
the level to use. The second number is the number of categories.
The following numbers are the categories::”h]”hŒ¦The first string is a long Smack label. The first number is
the level to use. The second number is the number of categories.
The following numbers are the categories:”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K»hjI  ubj  )”}”(hŒ#"level-3-cats-5-19   3   2   5  19"”h]”hŒ#"level-3-cats-5-19   3   2   5  19"”…””}”hjv  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h K¿hjI  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj7  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h K¿hj  hžhubjÕ  )”}”(hŒddirect
This contains the CIPSO level used for Smack direct label
representation in network packets.
”h]”(jÛ  )”}”(hŒdirect”h]”hŒdirect”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h KÃhj  ubjë  )”}”(hhh]”h¾)”}”(hŒ\This contains the CIPSO level used for Smack direct label
representation in network packets.”h]”hŒ\This contains the CIPSO level used for Smack direct label
representation in network packets.”…””}”(hj¥  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KÂhj¢  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h KÃhj  hžhubjÕ  )”}”(hŒNdoi
This contains the CIPSO domain of interpretation used in
network packets.
”h]”(jÛ  )”}”(hŒdoi”h]”hŒdoi”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h KÇhj¿  ubjë  )”}”(hhh]”h¾)”}”(hŒIThis contains the CIPSO domain of interpretation used in
network packets.”h]”hŒIThis contains the CIPSO domain of interpretation used in
network packets.”…””}”(hjÔ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KÆhjÑ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj¿  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h KÇhj  hžhubjÕ  )”}”(hXú  ipv6host
This interface allows specific IPv6 internet addresses to be
treated as single label hosts. Packets are sent to single
label hosts only from processes that have Smack write access
to the host label. All packets received from single label hosts
are given the specified label. The format accepted on write is::

        "%h:%h:%h:%h:%h:%h:%h:%h label" or
        "%h:%h:%h:%h:%h:%h:%h:%h/%d label".

The "::" address shortcut is not supported.
If label is "-DELETE" a matched entry will be deleted.
”h]”(jÛ  )”}”(hŒipv6host”h]”hŒipv6host”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h KÔhjî  ubjë  )”}”(hhh]”(h¾)”}”(hX4  This interface allows specific IPv6 internet addresses to be
treated as single label hosts. Packets are sent to single
label hosts only from processes that have Smack write access
to the host label. All packets received from single label hosts
are given the specified label. The format accepted on write is::”h]”hX3  This interface allows specific IPv6 internet addresses to be
treated as single label hosts. Packets are sent to single
label hosts only from processes that have Smack write access
to the host label. All packets received from single label hosts
are given the specified label. The format accepted on write is:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KÊhj   ubj  )”}”(hŒF"%h:%h:%h:%h:%h:%h:%h:%h label" or
"%h:%h:%h:%h:%h:%h:%h:%h/%d label".”h]”hŒF"%h:%h:%h:%h:%h:%h:%h:%h label" or
"%h:%h:%h:%h:%h:%h:%h:%h/%d label".”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h KÐhj   ubh¾)”}”(hŒbThe "::" address shortcut is not supported.
If label is "-DELETE" a matched entry will be deleted.”h]”hŒjThe â€œ::â€ address shortcut is not supported.
If label is â€œ-DELETEâ€ a matched entry will be deleted.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KÓhj   ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjî  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h KÔhj  hžhubjÕ  )”}”(hX†  load
Provided for backward compatibility. The load2 interface
is preferred and should be used instead.
This interface allows access control rules in addition to
the system defined rules to be specified. The format accepted
on write is::

        "%24s%24s%5s"

where the first string is the subject label, the second the
object label, and the third the requested access. The access
string may contain only the characters "rwxat-", and specifies
which sort of access is allowed. The "-" is a placeholder for
permissions that are not allowed. The string "r-x--" would
specify read and execute access. Labels are limited to 23
characters in length.
”h]”(jÛ  )”}”(hŒload”h]”hŒload”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Kåhj9  ubjë  )”}”(hhh]”(h¾)”}”(hŒçProvided for backward compatibility. The load2 interface
is preferred and should be used instead.
This interface allows access control rules in addition to
the system defined rules to be specified. The format accepted
on write is::”h]”hŒæProvided for backward compatibility. The load2 interface
is preferred and should be used instead.
This interface allows access control rules in addition to
the system defined rules to be specified. The format accepted
on write is:”…””}”(hjN  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h K×hjK  ubj  )”}”(hŒ"%24s%24s%5s"”h]”hŒ"%24s%24s%5s"”…””}”hj\  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h KÝhjK  ubh¾)”}”(hX€  where the first string is the subject label, the second the
object label, and the third the requested access. The access
string may contain only the characters "rwxat-", and specifies
which sort of access is allowed. The "-" is a placeholder for
permissions that are not allowed. The string "r-x--" would
specify read and execute access. Labels are limited to 23
characters in length.”h]”hXŒ  where the first string is the subject label, the second the
object label, and the third the requested access. The access
string may contain only the characters â€œrwxat-â€, and specifies
which sort of access is allowed. The â€œ-â€ is a placeholder for
permissions that are not allowed. The string â€œr-x--â€ would
specify read and execute access. Labels are limited to 23
characters in length.”…””}”(hjj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h KßhjK  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj9  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kåhj  hžhubjÕ  )”}”(hXó  load2
This interface allows access control rules in addition to
the system defined rules to be specified. The format accepted
on write is::

        "%s %s %s"

where the first string is the subject label, the second the
object label, and the third the requested access. The access
string may contain only the characters "rwxat-", and specifies
which sort of access is allowed. The "-" is a placeholder for
permissions that are not allowed. The string "r-x--" would
specify read and execute access.
”h]”(jÛ  )”}”(hŒload2”h]”hŒload2”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Kóhj„  ubjë  )”}”(hhh]”(h¾)”}”(hŒ…This interface allows access control rules in addition to
the system defined rules to be specified. The format accepted
on write is::”h]”hŒ„This interface allows access control rules in addition to
the system defined rules to be specified. The format accepted
on write is:”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Kèhj–  ubj  )”}”(hŒ
"%s %s %s"”h]”hŒ
"%s %s %s"”…””}”hj§  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Kìhj–  ubh¾)”}”(hXQ  where the first string is the subject label, the second the
object label, and the third the requested access. The access
string may contain only the characters "rwxat-", and specifies
which sort of access is allowed. The "-" is a placeholder for
permissions that are not allowed. The string "r-x--" would
specify read and execute access.”h]”hX]  where the first string is the subject label, the second the
object label, and the third the requested access. The access
string may contain only the characters â€œrwxat-â€, and specifies
which sort of access is allowed. The â€œ-â€ is a placeholder for
permissions that are not allowed. The string â€œr-x--â€ would
specify read and execute access.”…””}”(hjµ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Kîhj–  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj„  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kóhj  hžhubjÕ  )”}”(hXq  load-self
Provided for backward compatibility. The load-self2 interface
is preferred and should be used instead.
This interface allows process specific access rules to be
defined. These rules are only consulted if access would
otherwise be permitted, and are intended to provide additional
restrictions on the process. The format is the same as for
the load interface.
”h]”(jÛ  )”}”(hŒ	load-self”h]”hŒ	load-self”…””}”(hjÓ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h KühjÏ  ubjë  )”}”(hhh]”h¾)”}”(hXf  Provided for backward compatibility. The load-self2 interface
is preferred and should be used instead.
This interface allows process specific access rules to be
defined. These rules are only consulted if access would
otherwise be permitted, and are intended to provide additional
restrictions on the process. The format is the same as for
the load interface.”h]”hXf  Provided for backward compatibility. The load-self2 interface
is preferred and should be used instead.
This interface allows process specific access rules to be
defined. These rules are only consulted if access would
otherwise be permitted, and are intended to provide additional
restrictions on the process. The format is the same as for
the load interface.”…””}”(hjä  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Köhjá  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÏ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Kühj  hžhubjÕ  )”}”(hX  load-self2
This interface allows process specific access rules to be
defined. These rules are only consulted if access would
otherwise be permitted, and are intended to provide additional
restrictions on the process. The format is the same as for
the load2 interface.
”h]”(jÛ  )”}”(hŒ
load-self2”h]”hŒ
load-self2”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Mhjþ  ubjë  )”}”(hhh]”h¾)”}”(hX   This interface allows process specific access rules to be
defined. These rules are only consulted if access would
otherwise be permitted, and are intended to provide additional
restrictions on the process. The format is the same as for
the load2 interface.”h]”hX   This interface allows process specific access rules to be
defined. These rules are only consulted if access would
otherwise be permitted, and are intended to provide additional
restrictions on the process. The format is the same as for
the load2 interface.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Kÿhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjþ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Mhj  hžhubjÕ  )”}”(hŒ/logging
This contains the Smack logging state.
”h]”(jÛ  )”}”(hŒlogging”h]”hŒlogging”…””}”(hj1  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Mhj-  ubjë  )”}”(hhh]”h¾)”}”(hŒ&This contains the Smack logging state.”h]”hŒ&This contains the Smack logging state.”…””}”(hjB  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj?  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj-  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Mhj  hžhubjÕ  )”}”(hŒdmapped
This contains the CIPSO level used for Smack mapped label
representation in network packets.
”h]”(jÛ  )”}”(hŒmapped”h]”hŒmapped”…””}”(hj`  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M
hj\  ubjë  )”}”(hhh]”h¾)”}”(hŒ\This contains the CIPSO level used for Smack mapped label
representation in network packets.”h]”hŒ\This contains the CIPSO level used for Smack mapped label
representation in network packets.”…””}”(hjq  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M	hjn  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj\  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M
hj  hžhubjÕ  )”}”(hXî  netlabel
This interface allows specific internet addresses to be
treated as single label hosts. Packets are sent to single
label hosts without CIPSO headers, but only from processes
that have Smack write access to the host label. All packets
received from single label hosts are given the specified
label. The format accepted on write is::

        "%d.%d.%d.%d label" or "%d.%d.%d.%d/%d label".

If the label specified is "-CIPSO" the address is treated
as a host that supports CIPSO headers.
”h]”(jÛ  )”}”(hŒnetlabel”h]”hŒnetlabel”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Mhj‹  ubjë  )”}”(hhh]”(h¾)”}”(hXJ  This interface allows specific internet addresses to be
treated as single label hosts. Packets are sent to single
label hosts without CIPSO headers, but only from processes
that have Smack write access to the host label. All packets
received from single label hosts are given the specified
label. The format accepted on write is::”h]”hXI  This interface allows specific internet addresses to be
treated as single label hosts. Packets are sent to single
label hosts without CIPSO headers, but only from processes
that have Smack write access to the host label. All packets
received from single label hosts are given the specified
label. The format accepted on write is:”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj  ubj  )”}”(hŒ."%d.%d.%d.%d label" or "%d.%d.%d.%d/%d label".”h]”hŒ."%d.%d.%d.%d label" or "%d.%d.%d.%d/%d label".”…””}”hj®  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Mhj  ubh¾)”}”(hŒ`If the label specified is "-CIPSO" the address is treated
as a host that supports CIPSO headers.”h]”hŒdIf the label specified is â€œ-CIPSOâ€ the address is treated
as a host that supports CIPSO headers.”…””}”(hj¼  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj‹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Mhj  hžhubjÕ  )”}”(hX?  onlycap
This contains labels processes must have for CAP_MAC_ADMIN
and ``CAP_MAC_OVERRIDE`` to be effective. If this file is empty
these capabilities are effective at for processes with any
label. The values are set by writing the desired labels, separated
by spaces, to the file or cleared by writing "-" to the file.
”h]”(jÛ  )”}”(hŒonlycap”h]”hŒonlycap”…””}”(hjÚ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h MhjÖ  ubjë  )”}”(hhh]”h¾)”}”(hX6  This contains labels processes must have for CAP_MAC_ADMIN
and ``CAP_MAC_OVERRIDE`` to be effective. If this file is empty
these capabilities are effective at for processes with any
label. The values are set by writing the desired labels, separated
by spaces, to the file or cleared by writing "-" to the file.”h]”(hŒ?This contains labels processes must have for CAP_MAC_ADMIN
and ”…””}”(hjë  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_OVERRIDE``”h]”hŒCAP_MAC_OVERRIDE”…””}”(hjó  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjë  ubhŒç to be effective. If this file is empty
these capabilities are effective at for processes with any
label. The values are set by writing the desired labels, separated
by spaces, to the file or cleared by writing â€œ-â€ to the file.”…””}”(hjë  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhjè  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÖ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Mhj  hžhubjÕ  )”}”(hXq  ptrace
This is used to define the current ptrace policy

0 - default:
    this is the policy that relies on Smack access rules.
    For the ``PTRACE_READ`` a subject needs to have a read access on
    object. For the ``PTRACE_ATTACH`` a read-write access is required.

1 - exact:
    this is the policy that limits ``PTRACE_ATTACH``. Attach is
    only allowed when subject's and object's labels are equal.
    ``PTRACE_READ`` is not affected. Can be overridden with ``CAP_SYS_PTRACE``.

2 - draconian:
    this policy behaves like the 'exact' above with an
    exception that it can't be overridden with ``CAP_SYS_PTRACE``.
”h]”(jÛ  )”}”(hŒptrace”h]”hŒptrace”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M/hj	  ubjë  )”}”(hhh]”(h¾)”}”(hŒ0This is used to define the current ptrace policy”h]”hŒ0This is used to define the current ptrace policy”…””}”(hj,	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M!hj)	  ubjÐ  )”}”(hhh]”(jÕ  )”}”(hŒÇ0 - default:
this is the policy that relies on Smack access rules.
For the ``PTRACE_READ`` a subject needs to have a read access on
object. For the ``PTRACE_ATTACH`` a read-write access is required.
”h]”(jÛ  )”}”(hŒ0 - default:”h]”hŒ0 - default:”…””}”(hjA	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M&hj=	  ubjë  )”}”(hhh]”h¾)”}”(hŒ¹this is the policy that relies on Smack access rules.
For the ``PTRACE_READ`` a subject needs to have a read access on
object. For the ``PTRACE_ATTACH`` a read-write access is required.”h]”(hŒ>this is the policy that relies on Smack access rules.
For the ”…””}”(hjR	  hžhhŸNh Nubjù  )”}”(hŒ``PTRACE_READ``”h]”hŒPTRACE_READ”…””}”(hjZ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjR	  ubhŒ: a subject needs to have a read access on
object. For the ”…””}”(hjR	  hžhhŸNh Nubjù  )”}”(hŒ``PTRACE_ATTACH``”h]”hŒPTRACE_ATTACH”…””}”(hjl	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjR	  ubhŒ! a read-write access is required.”…””}”(hjR	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M$hjO	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj=	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M&hj:	  ubjÕ  )”}”(hŒÎ1 - exact:
this is the policy that limits ``PTRACE_ATTACH``. Attach is
only allowed when subject's and object's labels are equal.
``PTRACE_READ`` is not affected. Can be overridden with ``CAP_SYS_PTRACE``.
”h]”(jÛ  )”}”(hŒ
1 - exact:”h]”hŒ
1 - exact:”…””}”(hj”	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M+hj	  ubjë  )”}”(hhh]”h¾)”}”(hŒÂthis is the policy that limits ``PTRACE_ATTACH``. Attach is
only allowed when subject's and object's labels are equal.
``PTRACE_READ`` is not affected. Can be overridden with ``CAP_SYS_PTRACE``.”h]”(hŒthis is the policy that limits ”…””}”(hj¥	  hžhhŸNh Nubjù  )”}”(hŒ``PTRACE_ATTACH``”h]”hŒPTRACE_ATTACH”…””}”(hj­	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj¥	  ubhŒK. Attach is
only allowed when subjectâ€™s and objectâ€™s labels are equal.
”…””}”(hj¥	  hžhhŸNh Nubjù  )”}”(hŒ``PTRACE_READ``”h]”hŒPTRACE_READ”…””}”(hj¿	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj¥	  ubhŒ) is not affected. Can be overridden with ”…””}”(hj¥	  hžhhŸNh Nubjù  )”}”(hŒ``CAP_SYS_PTRACE``”h]”hŒCAP_SYS_PTRACE”…””}”(hjÑ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj¥	  ubhŒ.”…””}”(hj¥	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M)hj¢	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M+hj:	  ubjÕ  )”}”(hŒ2 - draconian:
this policy behaves like the 'exact' above with an
exception that it can't be overridden with ``CAP_SYS_PTRACE``.
”h]”(jÛ  )”}”(hŒ2 - draconian:”h]”hŒ2 - draconian:”…””}”(hjù	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M/hjõ	  ubjë  )”}”(hhh]”h¾)”}”(hŒqthis policy behaves like the 'exact' above with an
exception that it can't be overridden with ``CAP_SYS_PTRACE``.”h]”(hŒdthis policy behaves like the â€˜exactâ€™ above with an
exception that it canâ€™t be overridden with ”…””}”(hj

  hžhhŸNh Nubjù  )”}”(hŒ``CAP_SYS_PTRACE``”h]”hŒCAP_SYS_PTRACE”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hj

  ubhŒ.”…””}”(hj

  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M.hj
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjõ	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M/hj:	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hj)	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M/hj  hžhubjÕ  )”}”(hŒorevoke-subject
Writing a Smack label here sets the access to '-' for all access
rules with that subject label.
”h]”(jÛ  )”}”(hŒrevoke-subject”h]”hŒrevoke-subject”…””}”(hjL
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M3hjH
  ubjë  )”}”(hhh]”h¾)”}”(hŒ_Writing a Smack label here sets the access to '-' for all access
rules with that subject label.”h]”hŒcWriting a Smack label here sets the access to â€˜-â€™ for all access
rules with that subject label.”…””}”(hj]
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M2hjZ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjH
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M3hj  hžhubjÕ  )”}”(hX|  unconfined
If the kernel is configured with ``CONFIG_SECURITY_SMACK_BRINGUP``
a process with ``CAP_MAC_ADMIN`` can write a label into this interface.
Thereafter, accesses that involve that label will be logged and
the access permitted if it wouldn't be otherwise. Note that this
is dangerous and can ruin the proper labeling of your system.
It should never be used in production.
”h]”(jÛ  )”}”(hŒ
unconfined”h]”hŒ
unconfined”…””}”(hj{
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M;hjw
  ubjë  )”}”(hhh]”h¾)”}”(hXp  If the kernel is configured with ``CONFIG_SECURITY_SMACK_BRINGUP``
a process with ``CAP_MAC_ADMIN`` can write a label into this interface.
Thereafter, accesses that involve that label will be logged and
the access permitted if it wouldn't be otherwise. Note that this
is dangerous and can ruin the proper labeling of your system.
It should never be used in production.”h]”(hŒ!If the kernel is configured with ”…””}”(hjŒ
  hžhhŸNh Nubjù  )”}”(hŒ!``CONFIG_SECURITY_SMACK_BRINGUP``”h]”hŒCONFIG_SECURITY_SMACK_BRINGUP”…””}”(hj”
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjŒ
  ubhŒ
a process with ”…””}”(hjŒ
  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_ADMIN``”h]”hŒCAP_MAC_ADMIN”…””}”(hj¦
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjŒ
  ubhX   can write a label into this interface.
Thereafter, accesses that involve that label will be logged and
the access permitted if it wouldnâ€™t be otherwise. Note that this
is dangerous and can ruin the proper labeling of your system.
It should never be used in production.”…””}”(hjŒ
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M6hj‰
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjw
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M;hj  hžhubjÕ  )”}”(hXI  relabel-self
This interface contains a list of labels to which the process can
transition to, by writing to ``/proc/self/attr/current``.
Normally a process can change its own label to any legal value, but only
if it has ``CAP_MAC_ADMIN``. This interface allows a process without
``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.
A process without ``CAP_MAC_ADMIN`` can change its label only once. When it
does, this list will be cleared.
The values are set by writing the desired labels, separated
by spaces, to the file or cleared by writing "-" to the file.
”h]”(jÛ  )”}”(hŒrelabel-self”h]”hŒrelabel-self”…””}”(hjÎ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h MFhjÊ
  ubjë  )”}”(hhh]”h¾)”}”(hX;  This interface contains a list of labels to which the process can
transition to, by writing to ``/proc/self/attr/current``.
Normally a process can change its own label to any legal value, but only
if it has ``CAP_MAC_ADMIN``. This interface allows a process without
``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.
A process without ``CAP_MAC_ADMIN`` can change its label only once. When it
does, this list will be cleared.
The values are set by writing the desired labels, separated
by spaces, to the file or cleared by writing "-" to the file.”h]”(hŒ_This interface contains a list of labels to which the process can
transition to, by writing to ”…””}”(hjß
  hžhhŸNh Nubjù  )”}”(hŒ``/proc/self/attr/current``”h]”hŒ/proc/self/attr/current”…””}”(hjç
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjß
  ubhŒU.
Normally a process can change its own label to any legal value, but only
if it has ”…””}”(hjß
  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_ADMIN``”h]”hŒCAP_MAC_ADMIN”…””}”(hjù
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjß
  ubhŒ*. This interface allows a process without
”…””}”(hjß
  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_ADMIN``”h]”hŒCAP_MAC_ADMIN”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjß
  ubhŒL to relabel itself to one of labels from predefined list.
A process without ”…””}”(hjß
  hžhhŸNh Nubjù  )”}”(hŒ``CAP_MAC_ADMIN``”h]”hŒCAP_MAC_ADMIN”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjß
  ubhŒÇ can change its label only once. When it
does, this list will be cleared.
The values are set by writing the desired labels, separated
by spaces, to the file or cleared by writing â€œ-â€ to the file.”…””}”(hjß
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M>hjÜ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÊ
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h MFhj  hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hh£hžhhŸh¶h Nubh¾)”}”(hŒpIf you are using the smackload utility
you can add access rules in ``/etc/smack/accesses``. They take the form::”h]”(hŒCIf you are using the smackload utility
you can add access rules in ”…””}”(hjG  hžhhŸNh Nubjù  )”}”(hŒ``/etc/smack/accesses``”h]”hŒ/etc/smack/accesses”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jø  hjG  ubhŒ. They take the form:”…””}”(hjG  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MHhh£hžhubj  )”}”(hŒsubjectlabel objectlabel access”h]”hŒsubjectlabel objectlabel access”…””}”hjg  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MKhh£hžhubh¾)”}”(hŒ½access is a combination of the letters rwxatb which specify the
kind of access permitted a subject with subjectlabel on an
object with objectlabel. If there is no rule no access is allowed.”h]”hŒ½access is a combination of the letters rwxatb which specify the
kind of access permitted a subject with subjectlabel on an
object with objectlabel. If there is no rule no access is allowed.”…””}”(hju  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MMhh£hžhubh¾)”}”(hŒ7Look for additional programs on http://schaufler-ca.com”h]”(hŒ Look for additional programs on ”…””}”(hjƒ  hžhhŸNh Nubj  )”}”(hŒhttp://schaufler-ca.com”h]”hŒhttp://schaufler-ca.com”…””}”(hj‹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j  uh1j€  hjƒ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MQhh£hžhubh¢)”}”(hhh]”(h§)”}”(hŒ;The Simplified Mandatory Access Control Kernel (Whitepaper)”h]”hŒ;The Simplified Mandatory Access Control Kernel (Whitepaper)”…””}”(hj£  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj   hžhhŸh¶h MTubh¾)”}”(hŒ&Casey Schaufler
casey@schaufler-ca.com”h]”(hŒCasey Schaufler
”…””}”(hj±  hžhhŸNh Nubj  )”}”(hŒcasey@schaufler-ca.com”h]”hŒcasey@schaufler-ca.com”…””}”(hj¹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:casey@schaufler-ca.com”uh1j€  hj±  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MVhj   hžhubh¢)”}”(hhh]”(h§)”}”(hŒMandatory Access Control”h]”hŒMandatory Access Control”…””}”(hjÒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÏ  hžhhŸh¶h MZubh¾)”}”(hX—  Computer systems employ a variety of schemes to constrain how information is
shared among the people and services using the machine. Some of these schemes
allow the program or user to decide what other programs or users are allowed
access to pieces of data. These schemes are called discretionary access
control mechanisms because the access control is specified at the discretion
of the user. Other schemes do not leave the decision regarding what a user or
program can access up to users or programs. These schemes are called mandatory
access control mechanisms because you don't have a choice regarding the users
or programs that have access to pieces of data.”h]”hX™  Computer systems employ a variety of schemes to constrain how information is
shared among the people and services using the machine. Some of these schemes
allow the program or user to decide what other programs or users are allowed
access to pieces of data. These schemes are called discretionary access
control mechanisms because the access control is specified at the discretion
of the user. Other schemes do not leave the decision regarding what a user or
program can access up to users or programs. These schemes are called mandatory
access control mechanisms because you donâ€™t have a choice regarding the users
or programs that have access to pieces of data.”…””}”(hjà  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M\hjÏ  hžhubeh}”(h]”Œmandatory-access-control”ah ]”h"]”Œmandatory access control”ah$]”h&]”uh1h¡hj   hžhhŸh¶h MZubh¢)”}”(hhh]”(h§)”}”(hŒBell & LaPadula”h]”hŒBell & LaPadula”…””}”(hjù  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjö  hžhhŸh¶h Mgubh¾)”}”(hX©  From the middle of the 1980's until the turn of the century Mandatory Access
Control (MAC) was very closely associated with the Bell & LaPadula security
model, a mathematical description of the United States Department of Defense
policy for marking paper documents. MAC in this form enjoyed a following
within the Capital Beltway and Scandinavian supercomputer centers but was
often sited as failing to address general needs.”h]”hX«  From the middle of the 1980â€™s until the turn of the century Mandatory Access
Control (MAC) was very closely associated with the Bell & LaPadula security
model, a mathematical description of the United States Department of Defense
policy for marking paper documents. MAC in this form enjoyed a following
within the Capital Beltway and Scandinavian supercomputer centers but was
often sited as failing to address general needs.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mihjö  hžhubeh}”(h]”Œbell-lapadula”ah ]”h"]”Œbell & lapadula”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Mgubh¢)”}”(hhh]”(h§)”}”(hŒDomain Type Enforcement”h]”hŒDomain Type Enforcement”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h Mqubh¾)”}”(hXó  Around the turn of the century Domain Type Enforcement (DTE) became popular.
This scheme organizes users, programs, and data into domains that are
protected from each other. This scheme has been widely deployed as a component
of popular Linux distributions. The administrative overhead required to
maintain this scheme and the detailed understanding of the whole system
necessary to provide a secure domain mapping leads to the scheme being
disabled or used in limited ways in the majority of cases.”h]”hXó  Around the turn of the century Domain Type Enforcement (DTE) became popular.
This scheme organizes users, programs, and data into domains that are
protected from each other. This scheme has been widely deployed as a component
of popular Linux distributions. The administrative overhead required to
maintain this scheme and the detailed understanding of the whole system
necessary to provide a secure domain mapping leads to the scheme being
disabled or used in limited ways in the majority of cases.”…””}”(hj.  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mshj  hžhubeh}”(h]”Œdomain-type-enforcement”ah ]”h"]”Œdomain type enforcement”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Mqubh¢)”}”(hhh]”(h§)”}”(hŒSmack”h]”hŒSmack”…””}”(hjG  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjD  hžhhŸh¶h M|ubh¾)”}”(hXÚ  Smack is a Mandatory Access Control mechanism designed to provide useful MAC
while avoiding the pitfalls of its predecessors. The limitations of Bell &
LaPadula are addressed by providing a scheme whereby access can be controlled
according to the requirements of the system and its purpose rather than those
imposed by an arcane government policy. The complexity of Domain Type
Enforcement and avoided by defining access controls in terms of the access
modes already in use.”h]”hXÚ  Smack is a Mandatory Access Control mechanism designed to provide useful MAC
while avoiding the pitfalls of its predecessors. The limitations of Bell &
LaPadula are addressed by providing a scheme whereby access can be controlled
according to the requirements of the system and its purpose rather than those
imposed by an arcane government policy. The complexity of Domain Type
Enforcement and avoided by defining access controls in terms of the access
modes already in use.”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M~hjD  hžhubeh}”(h]”Œid1”ah ]”h"]”h$]”Œsmack”ah&]”uh1h¡hj   hžhhŸh¶h M|Œ
referenced”Kubh¢)”}”(hhh]”(h§)”}”(hŒSmack Terminology”h]”hŒSmack Terminology”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjl  hžhhŸh¶h M‡ubh¾)”}”(hŒúThe jargon used to talk about Smack will be familiar to those who have dealt
with other MAC systems and shouldn't be too difficult for the uninitiated to
pick up. There are four terms that are used in a specific way and that are
especially important:”h]”hŒüThe jargon used to talk about Smack will be familiar to those who have dealt
with other MAC systems and shouldnâ€™t be too difficult for the uninitiated to
pick up. There are four terms that are used in a specific way and that are
especially important:”…””}”(hj}  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M‰hjl  hžhubh¸)”}”(hX  Subject:
      A subject is an active entity on the computer system.
      On Smack a subject is a task, which is in turn the basic unit
      of execution.

Object:
      An object is a passive entity on the computer system.
      On Smack files of all types, IPC, and tasks can be objects.

Access:
      Any attempt by a subject to put information into or get
      information from an object is an access.

Label:
      Data that identifies the Mandatory Access Control
      characteristics of a subject or an object.
”h]”jÐ  )”}”(hhh]”(jÕ  )”}”(hŒ‹Subject:
A subject is an active entity on the computer system.
On Smack a subject is a task, which is in turn the basic unit
of execution.
”h]”(jÛ  )”}”(hŒSubject:”h]”hŒSubject:”…””}”(hj–  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M‘hj’  ubjë  )”}”(hhh]”h¾)”}”(hŒA subject is an active entity on the computer system.
On Smack a subject is a task, which is in turn the basic unit
of execution.”h]”hŒA subject is an active entity on the computer system.
On Smack a subject is a task, which is in turn the basic unit
of execution.”…””}”(hj§  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj¤  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj’  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M‘hj  ubjÕ  )”}”(hŒzObject:
An object is a passive entity on the computer system.
On Smack files of all types, IPC, and tasks can be objects.
”h]”(jÛ  )”}”(hŒObject:”h]”hŒObject:”…””}”(hjÅ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M•hjÁ  ubjë  )”}”(hhh]”h¾)”}”(hŒqAn object is a passive entity on the computer system.
On Smack files of all types, IPC, and tasks can be objects.”h]”hŒqAn object is a passive entity on the computer system.
On Smack files of all types, IPC, and tasks can be objects.”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M”hjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjÁ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M•hj  ubjÕ  )”}”(hŒiAccess:
Any attempt by a subject to put information into or get
information from an object is an access.
”h]”(jÛ  )”}”(hŒAccess:”h]”hŒAccess:”…””}”(hjô  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M™hjð  ubjë  )”}”(hhh]”h¾)”}”(hŒ`Any attempt by a subject to put information into or get
information from an object is an access.”h]”hŒ`Any attempt by a subject to put information into or get
information from an object is an access.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M˜hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjð  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M™hj  ubjÕ  )”}”(hŒdLabel:
Data that identifies the Mandatory Access Control
characteristics of a subject or an object.
”h]”(jÛ  )”}”(hŒLabel:”h]”hŒLabel:”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h Mhj  ubjë  )”}”(hhh]”h¾)”}”(hŒ\Data that identifies the Mandatory Access Control
characteristics of a subject or an object.”h]”hŒ\Data that identifies the Mandatory Access Control
characteristics of a subject or an object.”…””}”(•¨é      hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mœhj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h Mhj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hj‹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MŽhjl  hžhubh¾)”}”(hŒ•These definitions are consistent with the traditional use in the security
community. There are also some terms from Linux that are likely to crop up:”h]”hŒ•These definitions are consistent with the traditional use in the security
community. There are also some terms from Linux that are likely to crop up:”…””}”(hjZ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MŸhjl  hžhubh¸)”}”(hX/  Capability:
      A task that possesses a capability has permission to
      violate an aspect of the system security policy, as identified by
      the specific capability. A task that possesses one or more
      capabilities is a privileged task, whereas a task with no
      capabilities is an unprivileged task.

Privilege:
      A task that is allowed to violate the system security
      policy is said to have privilege. As of this writing a task can
      have privilege either by possessing capabilities or by having an
      effective user of root.
”h]”jÐ  )”}”(hhh]”(jÕ  )”}”(hX  Capability:
A task that possesses a capability has permission to
violate an aspect of the system security policy, as identified by
the specific capability. A task that possesses one or more
capabilities is a privileged task, whereas a task with no
capabilities is an unprivileged task.
”h]”(jÛ  )”}”(hŒCapability:”h]”hŒCapability:”…””}”(hjs  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M§hjo  ubjë  )”}”(hhh]”h¾)”}”(hX  A task that possesses a capability has permission to
violate an aspect of the system security policy, as identified by
the specific capability. A task that possesses one or more
capabilities is a privileged task, whereas a task with no
capabilities is an unprivileged task.”h]”hX  A task that possesses a capability has permission to
violate an aspect of the system security policy, as identified by
the specific capability. A task that possesses one or more
capabilities is a privileged task, whereas a task with no
capabilities is an unprivileged task.”…””}”(hj„  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M£hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjo  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M§hjl  ubjÕ  )”}”(hŒÚPrivilege:
A task that is allowed to violate the system security
policy is said to have privilege. As of this writing a task can
have privilege either by possessing capabilities or by having an
effective user of root.
”h]”(jÛ  )”}”(hŒ
Privilege:”h]”hŒ
Privilege:”…””}”(hj¢  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M­hjž  ubjë  )”}”(hhh]”h¾)”}”(hŒÎA task that is allowed to violate the system security
policy is said to have privilege. As of this writing a task can
have privilege either by possessing capabilities or by having an
effective user of root.”h]”hŒÎA task that is allowed to violate the system security
policy is said to have privilege. As of this writing a task can
have privilege either by possessing capabilities or by having an
effective user of root.”…””}”(hj³  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mªhj°  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjž  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M­hjl  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h M¢hjl  hžhubeh}”(h]”Œsmack-terminology”ah ]”h"]”Œsmack terminology”ah$]”h&]”uh1h¡hj   hžhhŸh¶h M‡ubh¢)”}”(hhh]”(h§)”}”(hŒSmack Basics”h]”hŒSmack Basics”…””}”(hjä  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjá  hžhhŸh¶h M°ubh¾)”}”(hŒ»Smack is an extension to a Linux system. It enforces additional restrictions
on what subjects can access which objects, based on the labels attached to
each of the subject and the object.”h]”hŒ»Smack is an extension to a Linux system. It enforces additional restrictions
on what subjects can access which objects, based on the labels attached to
each of the subject and the object.”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M²hjá  hžhubh¢)”}”(hhh]”(h§)”}”(hŒLabels”h]”hŒLabels”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj   hžhhŸh¶h M·ubh¾)”}”(hXv  Smack labels are ASCII character strings. They can be up to 255 characters
long, but keeping them to twenty-three characters is recommended.
Single character labels using special characters, that being anything
other than a letter or digit, are reserved for use by the Smack development
team. Smack labels are unstructured, case sensitive, and the only operation
ever performed on them is comparison for equality. Smack labels cannot
contain unprintable characters, the "/" (slash), the "\" (backslash), the "'"
(quote) and '"' (double-quote) characters.
Smack labels cannot begin with a '-'. This is reserved for special options.”h]”hXŒ  Smack labels are ASCII character strings. They can be up to 255 characters
long, but keeping them to twenty-three characters is recommended.
Single character labels using special characters, that being anything
other than a letter or digit, are reserved for use by the Smack development
team. Smack labels are unstructured, case sensitive, and the only operation
ever performed on them is comparison for equality. Smack labels cannot
contain unprintable characters, the â€œ/â€ (slash), the â€œ " (backslash), the â€œâ€™â€
(quote) and â€˜â€â€™ (double-quote) characters.
Smack labels cannot begin with a â€˜-â€™. This is reserved for special options.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M¹hj   hžhubh¾)”}”(hŒ"There are some predefined labels::”h]”hŒ!There are some predefined labels:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÃhj   hžhubj  )”}”(hX  _       Pronounced "floor", a single underscore character.
^       Pronounced "hat", a single circumflex character.
*       Pronounced "star", a single asterisk character.
?       Pronounced "huh", a single question mark character.
@       Pronounced "web", a single at sign character.”h]”hX  _       Pronounced "floor", a single underscore character.
^       Pronounced "hat", a single circumflex character.
*       Pronounced "star", a single asterisk character.
?       Pronounced "huh", a single question mark character.
@       Pronounced "web", a single at sign character.”…””}”hj-  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MÅhj   hžhubh¾)”}”(hŒEvery task on a Smack system is assigned a label. The Smack label
of a process will usually be assigned by the system initialization
mechanism.”h]”hŒEvery task on a Smack system is assigned a label. The Smack label
of a process will usually be assigned by the system initialization
mechanism.”…””}”(hj;  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MËhj   hžhubeh}”(h]”Œlabels”ah ]”h"]”Œlabels”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h M·ubh¢)”}”(hhh]”(h§)”}”(hŒAccess Rules”h]”hŒAccess Rules”…””}”(hjT  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjQ  hžhhŸh¶h MÐubh¾)”}”(hŒ¿Smack uses the traditional access modes of Linux. These modes are read,
execute, write, and occasionally append. There are a few cases where the
access mode may not be obvious. These include:”h]”hŒ¿Smack uses the traditional access modes of Linux. These modes are read,
execute, write, and occasionally append. There are a few cases where the
access mode may not be obvious. These include:”…””}”(hjb  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÒhjQ  hžhubh¸)”}”(hŒæSignals:
      A signal is a write operation from the subject task to
      the object task.

Internet Domain IPC:
      Transmission of a packet is considered a
      write operation from the source task to the destination task.
”h]”jÐ  )”}”(hhh]”(jÕ  )”}”(hŒQSignals:
A signal is a write operation from the subject task to
the object task.
”h]”(jÛ  )”}”(hŒSignals:”h]”hŒSignals:”…””}”(hj{  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h MØhjw  ubjë  )”}”(hhh]”h¾)”}”(hŒGA signal is a write operation from the subject task to
the object task.”h]”hŒGA signal is a write operation from the subject task to
the object task.”…””}”(hjŒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M×hj‰  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h MØhjt  ubjÕ  )”}”(hŒ|Internet Domain IPC:
Transmission of a packet is considered a
write operation from the source task to the destination task.
”h]”(jÛ  )”}”(hŒInternet Domain IPC:”h]”hŒInternet Domain IPC:”…””}”(hjª  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h MÜhj¦  ubjë  )”}”(hhh]”h¾)”}”(hŒfTransmission of a packet is considered a
write operation from the source task to the destination task.”h]”hŒfTransmission of a packet is considered a
write operation from the source task to the destination task.”…””}”(hj»  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÛhj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj¦  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h MÜhjt  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hjp  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MÖhjQ  hžhubh¾)”}”(hŒžSmack restricts access based on the label attached to a subject and the label
attached to the object it is trying to access. The rules enforced are, in
order:”h]”hŒžSmack restricts access based on the label attached to a subject and the label
attached to the object it is trying to access. The rules enforced are, in
order:”…””}”(hjá  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÞhjQ  hžhubh¸)”}”(hXã  1. Any access requested by a task labeled "*" is denied.
2. A read or execute access requested by a task labeled "^"
   is permitted.
3. A read or execute access requested on an object labeled "_"
   is permitted.
4. Any access requested on an object labeled "*" is permitted.
5. Any access requested by a task on an object with the same
   label is permitted.
6. Any access requested that is explicitly defined in the loaded
   rule set is permitted.
7. Any other access is denied.
”h]”hŒenumerated_list”“”)”}”(hhh]”(j  )”}”(hŒ5Any access requested by a task labeled "*" is denied.”h]”h¾)”}”(hjú  h]”hŒ9Any access requested by a task labeled â€œ*â€ is denied.”…””}”(hjü  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mâhjø  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hŒFA read or execute access requested by a task labeled "^"
is permitted.”h]”h¾)”}”(hŒFA read or execute access requested by a task labeled "^"
is permitted.”h]”hŒJA read or execute access requested by a task labeled â€œ^â€
is permitted.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mãhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hŒIA read or execute access requested on an object labeled "_"
is permitted.”h]”h¾)”}”(hŒIA read or execute access requested on an object labeled "_"
is permitted.”h]”hŒMA read or execute access requested on an object labeled â€œ_â€
is permitted.”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Måhj'  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hŒ;Any access requested on an object labeled "*" is permitted.”h]”h¾)”}”(hjA  h]”hŒ?Any access requested on an object labeled â€œ*â€ is permitted.”…””}”(hjC  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mçhj?  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hŒMAny access requested by a task on an object with the same
label is permitted.”h]”h¾)”}”(hŒMAny access requested by a task on an object with the same
label is permitted.”h]”hŒMAny access requested by a task on an object with the same
label is permitted.”…””}”(hjZ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MèhjV  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hŒTAny access requested that is explicitly defined in the loaded
rule set is permitted.”h]”h¾)”}”(hŒTAny access requested that is explicitly defined in the loaded
rule set is permitted.”h]”hŒTAny access requested that is explicitly defined in the loaded
rule set is permitted.”…””}”(hjr  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mêhjn  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hŒAny other access is denied.
”h]”h¾)”}”(hŒAny other access is denied.”h]”hŒAny other access is denied.”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mìhj†  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œenumtype”Œarabic”Œprefix”hŒsuffix”Œ.”uh1jó  hjï  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MâhjQ  hžhubeh}”(h]”Œaccess-rules”ah ]”h"]”Œaccess rules”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h MÐubh¢)”}”(hhh]”(h§)”}”(hŒSmack Access Rules”h]”hŒSmack Access Rules”…””}”(hjº  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj·  hžhhŸh¶h Mïubh¾)”}”(hXþ  With the isolation provided by Smack access separation is simple. There are
many interesting cases where limited access by subjects to objects with
different labels is desired. One example is the familiar spy model of
sensitivity, where a scientist working on a highly classified project would be
able to read documents of lower classifications and anything she writes will
be "born" highly classified. To accommodate such schemes Smack includes a
mechanism for specifying rules allowing access between labels.”h]”hX  With the isolation provided by Smack access separation is simple. There are
many interesting cases where limited access by subjects to objects with
different labels is desired. One example is the familiar spy model of
sensitivity, where a scientist working on a highly classified project would be
able to read documents of lower classifications and anything she writes will
be â€œbornâ€ highly classified. To accommodate such schemes Smack includes a
mechanism for specifying rules allowing access between labels.”…””}”(hjÈ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mñhj·  hžhubeh}”(h]”Œsmack-access-rules”ah ]”h"]”Œsmack access rules”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h Mïubh¢)”}”(hhh]”(h§)”}”(hŒAccess Rule Format”h]”hŒAccess Rule Format”…””}”(hjá  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÞ  hžhhŸh¶h Múubh¾)”}”(hŒ!The format of an access rule is::”h]”hŒ The format of an access rule is:”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MühjÞ  hžhubj  )”}”(hŒ!subject-label object-label access”h]”hŒ!subject-label object-label access”…””}”hjý  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MþhjÞ  hžhubh¾)”}”(hŒûWhere subject-label is the Smack label of the task, object-label is the Smack
label of the thing being accessed, and access is a string specifying the sort
of access allowed. The access specification is searched for letters that
describe access modes:”h]”hŒûWhere subject-label is the Smack label of the task, object-label is the Smack
label of the thing being accessed, and access is a string specifying the sort
of access allowed. The access specification is searched for letters that
describe access modes:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M hjÞ  hžhubh¸)”}”(hX9  a: indicates that append access should be granted.
r: indicates that read access should be granted.
w: indicates that write access should be granted.
x: indicates that execute access should be granted.
t: indicates that the rule requests transmutation.
b: indicates that the rule should be reported for bring-up.
”h]”h¾)”}”(hX8  a: indicates that append access should be granted.
r: indicates that read access should be granted.
w: indicates that write access should be granted.
x: indicates that execute access should be granted.
t: indicates that the rule requests transmutation.
b: indicates that the rule should be reported for bring-up.”h]”hX8  a: indicates that append access should be granted.
r: indicates that read access should be granted.
w: indicates that write access should be granted.
x: indicates that execute access should be granted.
t: indicates that the rule requests transmutation.
b: indicates that the rule should be reported for bring-up.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MhjÞ  hžhubh¾)”}”(hŒ–Uppercase values for the specification letters are allowed as well.
Access mode specifications can be in any order. Examples of acceptable rules
are::”h]”hŒ•Uppercase values for the specification letters are allowed as well.
Access mode specifications can be in any order. Examples of acceptable rules
are:”…””}”(hj1  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MhjÞ  hžhubj  )”}”(hŒ•TopSecret Secret  rx
Secret    Unclass R
Manager   Game    x
User      HR      w
Snap      Crackle rwxatb
New       Old     rRrRr
Closed    Off     -”h]”hŒ•TopSecret Secret  rx
Secret    Unclass R
Manager   Game    x
User      HR      w
Snap      Crackle rwxatb
New       Old     rRrRr
Closed    Off     -”…””}”hj?  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MhjÞ  hžhubh¾)”}”(hŒ$Examples of unacceptable rules are::”h]”hŒ#Examples of unacceptable rules are:”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MhjÞ  hžhubj  )”}”(hŒOTop Secret Secret     rx
Ace        Ace        r
Odd        spells     waxbeans”h]”hŒOTop Secret Secret     rx
Ace        Ace        r
Odd        spells     waxbeans”…””}”hj[  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MhjÞ  hžhubh¾)”}”(hXm  Spaces are not allowed in labels. Since a subject always has access to files
with the same label specifying a rule for that case is pointless. Only
valid letters (rwxatbRWXATB) and the dash ('-') character are allowed in
access specifications. The dash is a placeholder, so "a-r" is the same
as "ar". A lone dash is used to specify that no access should be allowed.”h]”hXy  Spaces are not allowed in labels. Since a subject always has access to files
with the same label specifying a rule for that case is pointless. Only
valid letters (rwxatbRWXATB) and the dash (â€˜-â€™) character are allowed in
access specifications. The dash is a placeholder, so â€œa-râ€ is the same
as â€œarâ€. A lone dash is used to specify that no access should be allowed.”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MhjÞ  hžhubeh}”(h]”Œaccess-rule-format”ah ]”h"]”Œaccess rule format”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h Múubh¢)”}”(hhh]”(h§)”}”(hŒApplying Access Rules”h]”hŒApplying Access Rules”…””}”(hj‚  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h M%ubh¾)”}”(hX  The developers of Linux rarely define new sorts of things, usually importing
schemes and concepts from other systems. Most often, the other systems are
variants of Unix. Unix has many endearing properties, but consistency of
access control models is not one of them. Smack strives to treat accesses as
uniformly as is sensible while keeping with the spirit of the underlying
mechanism.”h]”hX  The developers of Linux rarely define new sorts of things, usually importing
schemes and concepts from other systems. Most often, the other systems are
variants of Unix. Unix has many endearing properties, but consistency of
access control models is not one of them. Smack strives to treat accesses as
uniformly as is sensible while keeping with the spirit of the underlying
mechanism.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M'hj  hžhubh¾)”}”(hXý  File system objects including files, directories, named pipes, symbolic links,
and devices require access permissions that closely match those used by mode
bit access. To open a file for reading read access is required on the file. To
search a directory requires execute access. Creating a file with write access
requires both read and write access on the containing directory. Deleting a
file requires read and write access to the file and to the containing
directory. It is possible that a user may be able to see that a file exists
but not any of its attributes by the circumstance of having read access to the
containing directory but not to the differently labeled file. This is an
artifact of the file name being data in the directory, not a part of the file.”h]”hXý  File system objects including files, directories, named pipes, symbolic links,
and devices require access permissions that closely match those used by mode
bit access. To open a file for reading read access is required on the file. To
search a directory requires execute access. Creating a file with write access
requires both read and write access on the containing directory. Deleting a
file requires read and write access to the file and to the containing
directory. It is possible that a user may be able to see that a file exists
but not any of its attributes by the circumstance of having read access to the
containing directory but not to the differently labeled file. This is an
artifact of the file name being data in the directory, not a part of the file.”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M.hj  hžhubh¾)”}”(hX€  If a directory is marked as transmuting (SMACK64TRANSMUTE=TRUE) and the
access rule that allows a process to create an object in that directory
includes 't' access the label assigned to the new object will be that
of the directory, not the creating process. This makes it much easier
for two processes with different labels to share data without granting
access to all of their files.”h]”hX„  If a directory is marked as transmuting (SMACK64TRANSMUTE=TRUE) and the
access rule that allows a process to create an object in that directory
includes â€˜tâ€™ access the label assigned to the new object will be that
of the directory, not the creating process. This makes it much easier
for two processes with different labels to share data without granting
access to all of their files.”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M9hj  hžhubh¾)”}”(hŒ IPC objects, message queues, semaphore sets, and memory segments exist in flat
namespaces and access requests are only required to match the object in
question.”h]”hŒ IPC objects, message queues, semaphore sets, and memory segments exist in flat
namespaces and access requests are only required to match the object in
question.”…””}”(hjº  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M@hj  hžhubh¾)”}”(hX¾  Process objects reflect tasks on the system and the Smack label used to access
them is the same Smack label that the task would use for its own access
attempts. Sending a signal via the kill() system call is a write operation
from the signaler to the recipient. Debugging a process requires both reading
and writing. Creating a new task is an internal operation that results in two
tasks with identical Smack labels and requires no access checks.”h]”hX¾  Process objects reflect tasks on the system and the Smack label used to access
them is the same Smack label that the task would use for its own access
attempts. Sending a signal via the kill() system call is a write operation
from the signaler to the recipient. Debugging a process requires both reading
and writing. Creating a new task is an internal operation that results in two
tasks with identical Smack labels and requires no access checks.”…””}”(hjÈ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MDhj  hžhubh¾)”}”(hŒÞSockets are data structures attached to processes and sending a packet from
one process to another requires that the sender have write access to the
receiver. The receiver is not required to have read access to the sender.”h]”hŒÞSockets are data structures attached to processes and sending a packet from
one process to another requires that the sender have write access to the
receiver. The receiver is not required to have read access to the sender.”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MKhj  hžhubeh}”(h]”Œapplying-access-rules”ah ]”h"]”Œapplying access rules”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h M%ubh¢)”}”(hhh]”(h§)”}”(hŒSetting Access Rules”h]”hŒSetting Access Rules”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjì  hžhhŸh¶h MPubh¾)”}”(hXg  The configuration file /etc/smack/accesses contains the rules to be set at
system startup. The contents are written to the special file
/sys/fs/smackfs/load2. Rules can be added at any time and take effect
immediately. For any pair of subject and object labels there can be only
one rule, with the most recently specified overriding any earlier
specification.”h]”hXg  The configuration file /etc/smack/accesses contains the rules to be set at
system startup. The contents are written to the special file
/sys/fs/smackfs/load2. Rules can be added at any time and take effect
immediately. For any pair of subject and object labels there can be only
one rule, with the most recently specified overriding any earlier
specification.”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MRhjì  hžhubeh}”(h]”Œsetting-access-rules”ah ]”h"]”Œsetting access rules”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h MPubh¢)”}”(hhh]”(h§)”}”(hŒTask Attribute”h]”hŒTask Attribute”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h MZubh¾)”}”(hX  The Smack label of a process can be read from /proc/<pid>/attr/current. A
process can read its own Smack label from /proc/self/attr/current. A
privileged process can change its own Smack label by writing to
/proc/self/attr/current but not the label of another process.”h]”hX  The Smack label of a process can be read from /proc/<pid>/attr/current. A
process can read its own Smack label from /proc/self/attr/current. A
privileged process can change its own Smack label by writing to
/proc/self/attr/current but not the label of another process.”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M\hj  hžhubeh}”(h]”Œtask-attribute”ah ]”h"]”Œtask attribute”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h MZubh¢)”}”(hhh]”(h§)”}”(hŒFile Attribute”h]”hŒFile Attribute”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj:  hžhhŸh¶h Mbubh¾)”}”(hŒÅThe Smack label of a filesystem object is stored as an extended attribute
named SMACK64 on the file. This attribute is in the security namespace. It can
only be changed by a process with privilege.”h]”hŒÅThe Smack label of a filesystem object is stored as an extended attribute
named SMACK64 on the file. This attribute is in the security namespace. It can
only be changed by a process with privilege.”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mdhj:  hžhubeh}”(h]”Œfile-attribute”ah ]”h"]”Œfile attribute”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h Mbubh¢)”}”(hhh]”(h§)”}”(hŒ	Privilege”h]”hŒ	Privilege”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hja  hžhhŸh¶h Miubh¾)”}”(hŒèA process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
CAP_MAC_OVERRIDE allows the process access to objects it would
be denied otherwise. CAP_MAC_ADMIN allows a process to change
Smack data, including rules and attributes.”h]”hŒèA process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
CAP_MAC_OVERRIDE allows the process access to objects it would
be denied otherwise. CAP_MAC_ADMIN allows a process to change
Smack data, including rules and attributes.”…””}”(hjr  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mkhja  hžhubeh}”(h]”Œ	privilege”ah ]”h"]”Œ	privilege”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h Miubh¢)”}”(hhh]”(h§)”}”(hŒSmack Networking”h]”hŒSmack Networking”…””}”(hj‹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjˆ  hžhhŸh¶h Mqubh¾)”}”(hX2  As mentioned before, Smack enforces access control on network protocol
transmissions. Every packet sent by a Smack process is tagged with its Smack
label. This is done by adding a CIPSO tag to the header of the IP packet. Each
packet received is expected to have a CIPSO tag that identifies the label and
if it lacks such a tag the network ambient label is assumed. Before the packet
is delivered a check is made to determine that a subject with the label on the
packet has write access to the receiving process and if that is not the case
the packet is dropped.”h]”hX2  As mentioned before, Smack enforces access control on network protocol
transmissions. Every packet sent by a Smack process is tagged with its Smack
label. This is done by adding a CIPSO tag to the header of the IP packet. Each
packet received is expected to have a CIPSO tag that identifies the label and
if it lacks such a tag the network ambient label is assumed. Before the packet
is delivered a check is made to determine that a subject with the label on the
packet has write access to the receiving process and if that is not the case
the packet is dropped.”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mshjˆ  hžhubeh}”(h]”Œsmack-networking”ah ]”h"]”Œsmack networking”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h Mqubh¢)”}”(hhh]”(h§)”}”(hŒCIPSO Configuration”h]”hŒCIPSO Configuration”…””}”(hj²  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj¯  hžhhŸh¶h M}ubh¾)”}”(hX<  It is normally unnecessary to specify the CIPSO configuration. The default
values used by the system handle all internal cases. Smack will compose CIPSO
label values to match the Smack labels being used without administrative
intervention. Unlabeled packets that come into the system will be given the
ambient label.”h]”hX<  It is normally unnecessary to specify the CIPSO configuration. The default
values used by the system handle all internal cases. Smack will compose CIPSO
label values to match the Smack labels being used without administrative
intervention. Unlabeled packets that come into the system will be given the
ambient label.”…””}”(hjÀ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj¯  hžhubh¾)”}”(hXŸ  Smack requires configuration in the case where packets from a system that is
not Smack that speaks CIPSO may be encountered. Usually this will be a Trusted
Solaris system, but there are other, less widely deployed systems out there.
CIPSO provides 3 important values, a Domain Of Interpretation (DOI), a level,
and a category set with each packet. The DOI is intended to identify a group
of systems that use compatible labeling schemes, and the DOI specified on the
Smack system must match that of the remote system or packets will be
discarded. The DOI is 3 by default. The value can be read from
/sys/fs/smackfs/doi and can be changed by writing to /sys/fs/smackfs/doi.”h]”hXŸ  Smack requires configuration in the case where packets from a system that is
not Smack that speaks CIPSO may be encountered. Usually this will be a Trusted
Solaris system, but there are other, less widely deployed systems out there.
CIPSO provides 3 important values, a Domain Of Interpretation (DOI), a level,
and a category set with each packet. The DOI is intended to identify a group
of systems that use compatible labeling schemes, and the DOI specified on the
Smack system must match that of the remote system or packets will be
discarded. The DOI is 3 by default. The value can be read from
/sys/fs/smackfs/doi and can be changed by writing to /sys/fs/smackfs/doi.”…””}”(hjÎ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M…hj¯  hžhubh¾)”}”(hŒVThe label and category set are mapped to a Smack label as defined in
/etc/smack/cipso.”h]”hŒVThe label and category set are mapped to a Smack label as defined in
/etc/smack/cipso.”…””}”(hjÜ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj¯  hžhubh¾)”}”(hŒ$A Smack/CIPSO mapping has the form::”h]”hŒ#A Smack/CIPSO mapping has the form:”…””}”(hjê  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M’hj¯  hžhubj  )”}”(hŒ"smack level [category [category]*]”h]”hŒ"smack level [category [category]*]”…””}”hjø  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h M”hj¯  hžhubh¾)”}”(hŒ¦Smack does not expect the level or category sets to be related in any
particular way and does not assume or assign accesses based on them. Some
examples of mappings::”h]”hŒ¥Smack does not expect the level or category sets to be related in any
particular way and does not assume or assign accesses based on them. Some
examples of mappings:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M–hj¯  hžhubj  )”}”(hŒ?TopSecret 7
TS:A,B    7 1 2
SecBDE    5 2 4 6
RAFTERS   7 12 26”h]”hŒ?TopSecret 7
TS:A,B    7 1 2
SecBDE    5 2 4 6
RAFTERS   7 12 26”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Mšhj¯  hžhubh¾)”}”(hŒVThe ":" and "," characters are permitted in a Smack label but have no special
meaning.”h]”hŒ^The â€œ:â€ and â€œ,â€ characters are permitted in a Smack label but have no special
meaning.”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MŸhj¯  hžhubh¾)”}”(hŒ\The mapping of Smack labels to CIPSO values is defined by writing to
/sys/fs/smackfs/cipso2.”h]”hŒ\The mapping of Smack labels to CIPSO values is defined by writing to
/sys/fs/smackfs/cipso2.”…””}”(hj0  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M¢hj¯  hžhubh¾)”}”(hXF  In addition to explicit mappings Smack supports direct CIPSO mappings. One
CIPSO level is used to indicate that the category set passed in the packet is
in fact an encoding of the Smack label. The level used is 250 by default. The
value can be read from /sys/fs/smackfs/direct and changed by writing to
/sys/fs/smackfs/direct.”h]”hXF  In addition to explicit mappings Smack supports direct CIPSO mappings. One
CIPSO level is used to indicate that the category set passed in the packet is
in fact an encoding of the Smack label. The level used is 250 by default. The
value can be read from /sys/fs/smackfs/direct and changed by writing to
/sys/fs/smackfs/direct.”…””}”(hj>  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M¥hj¯  hžhubeh}”(h]”Œcipso-configuration”ah ]”h"]”Œcipso configuration”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h M}ubh¢)”}”(hhh]”(h§)”}”(hŒSocket Attributes”h]”hŒSocket Attributes”…””}”(hjW  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjT  hžhhŸh¶h M¬ubh¾)”}”(hŒ¢There are two attributes that are associated with sockets. These attributes
can only be set by privileged tasks, but any task can read them for their own
sockets.”h]”hŒ¢There are two attributes that are associated with sockets. These attributes
can only be set by privileged tasks, but any task can read them for their own
sockets.”…””}”(hje  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M®hjT  hžhubh¸)”}”(hXH  SMACK64IPIN:
      The Smack label of the task object. A privileged
      program that will enforce policy may set this to the star label.

SMACK64IPOUT:
      The Smack label transmitted with outgoing packets.
      A privileged program may set this to match the label of another
      task with which it hopes to communicate.
”h]”jÐ  )”}”(hhh]”(jÕ  )”}”(hŒSMACK64IPIN:
The Smack label of the task object. A privileged
program that will enforce policy may set this to the star label.
”h]”(jÛ  )”}”(hŒSMACK64IPIN:”h]”hŒSMACK64IPIN:”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M´hjz  ubjë  )”}”(hhh]”h¾)”}”(hŒqThe Smack label of the task object. A privileged
program that will enforce policy may set this to the star label.”h]”hŒqThe Smack label of the task object. A privileged
program that will enforce policy may set this to the star label.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M³hjŒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjz  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M´hjw  ubjÕ  )”}”(hŒªSMACK64IPOUT:
The Smack label transmitted with outgoing packets.
A privileged program may set this to match the label of another
task with which it hopes to communicate.
”h]”(jÛ  )”}”(hŒSMACK64IPOUT:”h]”hŒSMACK64IPOUT:”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M¹hj©  ubjë  )”}”(hhh]”h¾)”}”(hŒ›The Smack label transmitted with outgoing packets.
A privileged program may set this to match the label of another
task with which it hopes to communicate.”h]”hŒ›The Smack label transmitted with outgoing packets.
A privileged program may set this to match the label of another
task with which it hopes to communicate.”…””}”(hj¾  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M·hj»  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj©  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M¹hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hjs  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h M²hjT  hžhubeh}”(h]”Œsocket-attributes”ah ]”h"]”Œsocket attributes”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h M¬ubh¢)”}”(hhh]”(h§)”}”(hŒSmack Netlabel Exceptions”h]”hŒSmack Netlabel Exceptions”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjì  hžhhŸh¶h M¼ubh¾)”}”(hŒÌYou will often find that your labeled application has to talk to the outside,
unlabeled world. To do this there's a special file /sys/fs/smackfs/netlabel
where you can add some exceptions in the form of::”h]”hŒÍYou will often find that your labeled application has to talk to the outside,
unlabeled world. To do this thereâ€™s a special file /sys/fs/smackfs/netlabel
where you can add some exceptions in the form of:”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M¾hjì  hžhubj  )”}”(hŒ&@IP1       LABEL1 or
@IP2/MASK  LABEL2”h]”hŒ&@IP1       LABEL1 or
@IP2/MASK  LABEL2”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MÂhjì  hžhubh¾)”}”(hŒ¨It means that your application will have unlabeled access to @IP1 if it has
write access on LABEL1, and access to the subnet @IP2/MASK if it has write
access on LABEL2.”h]”hŒ¨It means that your application will have unlabeled access to @IP1 if it has
write access on LABEL1, and access to the subnet @IP2/MASK if it has write
access on LABEL2.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÅhjì  hžhubh¾)”}”(hŒoEntries in the /sys/fs/smackfs/netlabel file are matched by longest mask
first, like in classless IPv4 routing.”h]”hŒoEntries in the /sys/fs/smackfs/netlabel file are matched by longest mask
first, like in classless IPv4 routing.”…””}”(hj'  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÉhjì  hžhubh¾)”}”(hŒ>A special label '@' and an option '-CIPSO' can be used there::”h]”hŒEA special label â€˜@â€™ and an option â€˜-CIPSOâ€™ can be used there:”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÌhjì  hžhubj  )”}”(hŒm@      means Internet, any application with any label has access to it
-CIPSO means standard CIPSO networking”h]”hŒm@      means Internet, any application with any label has access to it
-CIPSO means standard CIPSO networking”…””}”hjC  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MÎhjì  hžhubh¾)”}”(hŒKIf you don't know what CIPSO is and don't plan to use it, you can just do::”h]”hŒNIf you donâ€™t know what CIPSO is and donâ€™t plan to use it, you can just do:”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÑhjì  hžhubj  )”}”(hŒaecho 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
echo 0.0.0.0/0 @      > /sys/fs/smackfs/netlabel”h]”hŒaecho 127.0.0.1 -CIPSO > /sys/fs/smackfs/netlabel
echo 0.0.0.0/0 @      > /sys/fs/smackfs/netlabel”…””}”hj_  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MÓhjì  hžhubh¾)”}”(hŒmIf you use CIPSO on your 192.168.0.0/16 local network and need also unlabeled
Internet access, you can have::”h]”hŒlIf you use CIPSO on your 192.168.0.0/16 local network and need also unlabeled
Internet access, you can have:”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MÖhjì  hžhubj  )”}”(hŒ¡echo 127.0.0.1      -CIPSO > /sys/fs/smackfs/netlabel
echo 192.168.0.0/16 -CIPSO > /sys/fs/smackfs/netlabel
echo 0.0.0.0/0      @      > /sys/fs/smackfs/netlabel”h]”hŒ¡echo 127.0.0.1      -CIPSO > /sys/fs/smackfs/netlabel
echo 192.168.0.0/16 -CIPSO > /sys/fs/smackfs/netlabel
echo 0.0.0.0/0      @      > /sys/fs/smackfs/netlabel”…””}”hj{  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MÙhjì  hžhubeh}”(h]”Œsmack-netlabel-exceptions”ah ]”h"]”Œsmack netlabel exceptions”ah$]”h&]”uh1h¡hjá  hžhhŸh¶h M¼ubeh}”(h]”Œsmack-basics”ah ]”h"]”Œsmack basics”ah$]”h&]”uh1h¡hj   hžhhŸh¶h M°ubh¢)”}”(hhh]”(h§)”}”(hŒWriting Applications for Smack”h]”hŒWriting Applications for Smack”…””}”(hjœ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj™  hžhhŸh¶h MÞubh¾)”}”(hŒ³There are three sorts of applications that will run on a Smack system. How an
application interacts with Smack will determine what it will have to do to
work properly under Smack.”h]”hŒ³There are three sorts of applications that will run on a Smack system. How an
application interacts with Smack will determine what it will have to do to
work properly under Smack.”…””}”(hjª  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Màhj™  hžhubeh}”(h]”Œwriting-applications-for-smack”ah ]”h"]”Œwriting applications for smack”ah$]”h&]”uh1h¡hj   hžhhŸh¶h MÞubh¢)”}”(hhh]”(h§)”}”(hŒSmack Ignorant Applications”h]”hŒSmack Ignorant Applications”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÀ  hžhhŸh¶h Måubh¾)”}”(hX  By far the majority of applications have no reason whatever to care about the
unique properties of Smack. Since invoking a program has no impact on the
Smack label associated with the process the only concern likely to arise is
whether the process has execute access to the program.”h]”hX  By far the majority of applications have no reason whatever to care about the
unique properties of Smack. Since invoking a program has no impact on the
Smack label associated with the process the only concern likely to arise is
whether the process has execute access to the program.”…””}”(hjÑ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MçhjÀ  hžhubeh}”(h]”Œsmack-ignorant-applications”ah ]”h"]”Œsmack ignorant applications”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Måubh¢)”}”(hhh]”(h§)”}”(hŒSmack Relevant Applications”h]”hŒSmack Relevant Applications”…””}”(hjê  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjç  hžhhŸh¶h Míubh¾)”}”(hŒ¢Some programs can be improved by teaching them about Smack, but do not make
any security decisions themselves. The utility ls(1) is one example of such a
program.”h]”hŒ¢Some programs can be improved by teaching them about Smack, but do not make
any security decisions themselves. The utility ls(1) is one example of such a
program.”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mïhjç  hžhubeh}”(h]”Œsmack-relevant-applications”ah ]”h"]”Œsmack relevant applications”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Míubh¢)”}”(hhh]”(h§)”}”(hŒSmack Enforcing Applications”h]”hŒSmack Enforcing Applications”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h Môubh¾)”}”(hX  These are special programs that not only know about Smack, but participate in
the enforcement of system policy. In most cases these are the programs that
set up user sessions. There are also network services that provide information
to processes running with various labels.”h]”hX  These are special programs that not only know about Smack, but participate in
the enforcement of system policy. In most cases these are the programs that
set up user sessions. There are also network services that provide information
to processes running with various labels.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Möhj  hžhubeh}”(h]”Œsmack-enforcing-applications”ah ]”h"]”Œsmack enforcing applications”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Môubh¢)”}”(hhh]”(h§)”}”(hŒFile System Interfaces”h]”hŒFile System Interfaces”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj5  hžhhŸh¶h Müubh¾)”}”(hŒ®Smack maintains labels on file system objects using extended attributes. The
Smack label of a file, directory, or other file system object can be obtained
using getxattr(2)::”h]”hŒ­Smack maintains labels on file system objects using extended attributes. The
Smack label of a file, directory, or other file system object can be obtained
using getxattr(2):”…””}”(hjF  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mþhj5  hžhubj  )”}”(hŒ?len = getxattr("/", "security.SMACK64", value, sizeof (value));”h]”hŒ?len = getxattr("/", "security.SMACK64", value, sizeof (value));”…””}”hjT  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Mhj5  hžhubh¾)”}”(hŒ’will put the Smack label of the root directory into value. A privileged
process can set the Smack label of a file system object with setxattr(2)::”h]”hŒ‘will put the Smack label of the root directory into value. A privileged
process can set the Smack label of a file system object with setxattr(2):”…””}”(hjb  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj5  hžhubj  )”}”(hŒTlen = strlen("Rubble");
rc = setxattr("/foo", "security.SMACK64", "Rubble", len, 0);”h]”hŒTlen = strlen("Rubble");
rc = setxattr("/foo", "security.SMACK64", "Rubble", len, 0);”…””}”hjp  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Mhj5  hžhubh¾)”}”(hŒVwill set the Smack label of /foo to "Rubble" if the program has appropriate
privilege.”h]”hŒZwill set the Smack label of /foo to â€œRubbleâ€ if the program has appropriate
privilege.”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M
hj5  hžhubeh}”(h]”Œfile-system-interfaces”ah ]”h"]”Œfile system interfaces”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Müubh¢)”}”(hhh]”(h§)”}”(hŒSocket Interfaces”h]”hŒSocket Interfaces”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj”  hžhhŸh¶h Mubh¾)”}”(hŒ5The socket attributes can be read using fgetxattr(2).”h]”hŒ5The socket attributes can be read using fgetxattr(2).”…””}”(hj¥  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj”  hžhubh¾)”}”(hŒTA privileged process can set the Smack label of outgoing packets with
fsetxattr(2)::”h]”hŒSA privileged process can set the Smack label of outgoing packets with
fsetxattr(2):”…””}”(hj³  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj”  hžhubj  )”}”(hŒVlen = strlen("Rubble");
rc = fsetxattr(fd, "security.SMACK64IPOUT", "Rubble", len, 0);”h]”hŒVlen = strlen("Rubble");
rc = fsetxattr(fd, "security.SMACK64IPOUT", "Rubble", len, 0);”…””}”hjÁ  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Mhj”  hžhubh¾)”}”(hŒqwill set the Smack label "Rubble" on packets going out from the socket if the
program has appropriate privilege::”h]”hŒtwill set the Smack label â€œRubbleâ€ on packets going out from the socket if the
program has appropriate privilege:”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj”  hžhubj  )”}”(hŒ?rc = fsetxattr(fd, "security.SMACK64IPIN, "*", strlen("*"), 0);”h]”hŒ?rc = fsetxattr(fd, "security.SMACK64IPIN, "*", strlen("*"), 0);”…””}”hjÝ  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h Mhj”  hžhubh¾)”}”(hŒ‰will set the Smack label "*" as the object label against which incoming
packets will be checked if the program has appropriate privilege.”h]”hŒwill set the Smack label â€œ*â€ as the object label against which incoming
packets will be checked if the program has appropriate privilege.”…””}”(hjë  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h Mhj”  hžhubeh}”(h]”Œsocket-interfaces”ah ]”h"]”Œsocket interfaces”ah$]”h&]”uh1h¡hj   hžhhŸh¶h Mubh¢)”}”(hhh]”(h§)”}”(hŒAdministration”h]”hŒAdministration”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h M!ubh¾)”}”(hŒ"Smack supports some mount options:”h]”hŒ"Smack supports some mount options:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M#hj  hžhubh¸)”}”(hX†  smackfsdef=label:
      specifies the label to give files that lack
      the Smack label extended attribute.

smackfsroot=label:
      specifies the label to assign the root of the
      file system if it lacks the Smack extended attribute.

smackfshat=label:
      specifies a label that must have read access to
      all labels set on the filesystem. Not yet enforced.

smackfsfloor=label:
      specifies a label to which all labels set on the
      filesystem must have read access. Not yet enforced.

smackfstransmute=label:
      behaves exactly like smackfsroot except that it also
      sets the transmute flag on the root of the mount
”h]”jÐ  )”}”(hhh]”(jÕ  )”}”(hŒbsmackfsdef=label:
specifies the label to give files that lack
the Smack label extended attribute.
”h]”(jÛ  )”}”(hŒsmackfsdef=label:”h]”hŒsmackfsdef=label:”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M'hj'  ubjë  )”}”(hhh]”h¾)”}”(hŒOspecifies the label to give files that lack
the Smack label extended attribute.”h]”hŒOspecifies the label to give files that lack
the Smack label extended attribute.”…””}”(hj<  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M&hj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj'  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M'hj$  ubjÕ  )”}”(hŒwsmackfsroot=label:
specifies the label to assign the root of the
file system if it lacks the Smack extended attribute.
”h]”(jÛ  )”}”(hŒsmackfsroot=label:”h]”hŒsmackfsroot=label:”…””}”(hjZ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M+hjV  ubjë  )”}”(hhh]”h¾)”}”(hŒcspecifies the label to assign the root of the
file system if it lacks the Smack extended attribute.”h]”hŒcspecifies the label to assign the root of the
file system if it lacks the Smack extended attribute.”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M*hjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjV  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M+hj$  ubjÕ  )”}”(hŒvsmackfshat=label:
specifies a label that must have read access to
all labels set on the filesystem. Not yet enforced.
”h]”(jÛ  )”}”(hŒsmackfshat=label:”h]”hŒsmackfshat=label:”…””}”(hj‰  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M/hj…  ubjë  )”}”(hhh]”h¾)”}”(hŒcspecifies a label that must have read access to
all labels set on the filesystem. Not yet enforced.”h]”hŒcspecifies a label that must have read access to
all labels set on the filesystem. Not yet enforced.”…””}”(hjš  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M.hj—  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj…  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M/hj$  ubjÕ  )”}”(hŒysmackfsfloor=label:
specifies a label to which all labels set on the
filesystem must have read access. Not yet enforced.
”h]”(jÛ  )”}”(hŒsmackfsfloor=label:”h]”hŒsmackfsfloor=label:”…””}”(hj¸  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M3hj´  ubjë  )”}”(hhh]”h¾)”}”(hŒdspecifies a label to which all labels set on the
filesystem must have read access. Not yet enforced.”h]”hŒdspecifies a label to which all labels set on the
filesystem must have read access. Not yet enforced.”…””}”(hjÉ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M2hjÆ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hj´  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M3hj$  ubjÕ  )”}”(hŒ~smackfstransmute=label:
behaves exactly like smackfsroot except that it also
sets the transmute flag on the root of the mount
”h]”(jÛ  )”}”(hŒsmackfstransmute=label:”h]”hŒsmackfstransmute=label:”…””}”(hjç  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hŸh¶h M7hjã  ubjë  )”}”(hhh]”h¾)”}”(hŒebehaves exactly like smackfsroot except that it also
sets the transmute flag on the root of the mount”h]”hŒebehaves exactly like smackfsroot except that it also
sets the transmute flag on the root of the mount”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M6hjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jê  hjã  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÔ  hŸh¶h M7hj$  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÏ  hj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h M%hj  hžhubh¾)”}”(hŒ3These mount options apply to all file system types.”h]”hŒ3These mount options apply to all file system types.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M9hj  hžhubeh}”(h]”Œadministration”ah ]”h"]”Œadministration”ah$]”h&]”uh1h¡hj   hžhhŸh¶h M!ubh¢)”}”(hhh]”(h§)”}”(hŒSmack auditing”h]”hŒSmack auditing”…””}”(hj7  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj4  hžhhŸh¶h M<ubh¾)”}”(hŒùIf you want Smack auditing of security events, you need to set CONFIG_AUDIT
in your kernel configuration.
By default, all denied events will be audited. You can change this behavior by
writing a single character to the /sys/fs/smackfs/logging file::”h]”hŒøIf you want Smack auditing of security events, you need to set CONFIG_AUDIT
in your kernel configuration.
By default, all denied events will be audited. You can change this behavior by
writing a single character to the /sys/fs/smackfs/logging file:”…””}”(hjE  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h M>hj4  hžhubj  )”}”(hŒR0 : no logging
1 : log denied (default)
2 : log accepted
3 : log denied & accepted”h]”hŒR0 : no logging
1 : log denied (default)
2 : log accepted
3 : log denied & accepted”…””}”hjS  sbah}”(h]”h ]”h"]”h$]”h&]”j"  j#  uh1j  hŸh¶h MChj4  hžhubh¾)”}”(hŒîEvents are logged as 'key=value' pairs, for each event you at least will get
the subject, the object, the rights requested, the action, the kernel function
that triggered the event, plus other pairs depending on the type of event
audited.”h]”hŒòEvents are logged as â€˜key=valueâ€™ pairs, for each event you at least will get
the subject, the object, the rights requested, the action, the kernel function
that triggered the event, plus other pairs depending on the type of event
audited.”…””}”(hja  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MHhj4  hžhubeh}”(h]”Œsmack-auditing”ah ]”h"]”Œsmack auditing”ah$]”h&]”uh1h¡hj   hžhhŸh¶h M<ubh¢)”}”(hhh]”(h§)”}”(hŒBringup Mode”h]”hŒBringup Mode”…””}”(hjz  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjw  hžhhŸh¶h MNubh¾)”}”(hXÖ  Bringup mode provides logging features that can make application
configuration and system bringup easier. Configure the kernel with
CONFIG_SECURITY_SMACK_BRINGUP to enable these features. When bringup
mode is enabled accesses that succeed due to rules marked with the "b"
access mode will logged. When a new label is introduced for processes
rules can be added aggressively, marked with the "b". The logging allows
tracking of which rules actual get used for that label.”h]”hXÞ  Bringup mode provides logging features that can make application
configuration and system bringup easier. Configure the kernel with
CONFIG_SECURITY_SMACK_BRINGUP to enable these features. When bringup
mode is enabled accesses that succeed due to rules marked with the â€œbâ€
access mode will logged. When a new label is introduced for processes
rules can be added aggressively, marked with the â€œbâ€. The logging allows
tracking of which rules actual get used for that label.”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MPhjw  hžhubh¾)”}”(hX  Another feature of bringup mode is the "unconfined" option. Writing
a label to /sys/fs/smackfs/unconfined makes subjects with that label
able to access any object, and objects with that label accessible to
all subjects. Any access that is granted because a label is unconfined
is logged. This feature is dangerous, as files and directories may
be created in places they couldn't if the policy were being enforced.”h]”hX£  Another feature of bringup mode is the â€œunconfinedâ€ option. Writing
a label to /sys/fs/smackfs/unconfined makes subjects with that label
able to access any object, and objects with that label accessible to
all subjects. Any access that is granted because a label is unconfined
is logged. This feature is dangerous, as files and directories may
be created in places they couldnâ€™t if the policy were being enforced.”…””}”(hj–  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hŸh¶h MXhjw  hžhubeh}”(h]”Œbringup-mode”ah ]”h"]”Œbringup mode”ah$]”h&]”uh1h¡hj   hžhhŸh¶h MNubeh}”(h]”Œ9the-simplified-mandatory-access-control-kernel-whitepaper”ah ]”h"]”Œ;the simplified mandatory access control kernel (whitepaper)”ah$]”h&]”uh1h¡hh£hžhhŸh¶h MTubeh}”(h]”Œsmack”ah ]”h"]”h$]”ji  ah&]”uh1h¡hhhžhhŸh¶h Kjk  Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jÞ  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(Œsmack”Nj±  j®  jó  jð  j  j  jA  j>  jÞ  jÛ  j–  j“  jN  jK  j´  j±  jÛ  jØ  j|  jy  jé  jæ  j  j  j7  j4  j^  j[  j…  j‚  j¬  j©  jQ  jN  jé  jæ  jŽ  j‹  j½  jº  jä  já  j  j  j2  j/  j‘  jŽ  jþ  jû  j1  j.  jt  jq  j©  j¦  uŒ	nametypes”}”(j"  ‰j±  ‰jó  ‰j  ‰jA  ‰jÞ  ‰j–  ‰jN  ‰j´  ‰jÛ  ‰j|  ‰jé  ‰j  ‰j7  ‰j^  ‰j…  ‰j¬  ‰jQ  ‰jé  ‰jŽ  ‰j½  ‰jä  ‰j  ‰j2  ‰j‘  ‰jþ  ‰j1  ‰jt  ‰j©  ‰uh}”(j¶  h£j®  j   jð  jÏ  j  jö  j>  j  je  jD  jÛ  jl  j“  já  jK  j   j±  jQ  jØ  j·  jy  jÞ  jæ  j  j  jì  j4  j  j[  j:  j‚  ja  j©  jˆ  jN  j¯  jæ  jT  j‹  jì  jº  j™  já  jÀ  j  jç  j/  j  jŽ  j5  jû  j”  j.  j  jq  j4  j¦  jw  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”jì  Ks…”R”Œparse_messages”]”hŒsystem_message”“”)”}”(hhh]”h¾)”}”(hŒ(Duplicate implicit target name: "smack".”h]”hŒ,Duplicate implicit target name: â€œsmackâ€.”…””}”(hjF  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h½hjC  ubah}”(h]”h ]”h"]”h$]”h&]”je  aŒlevel”KŒtype”ŒINFO”Œsource”h¶Œline”M|uh1jA  hjD  hžhhŸh¶h M|ubaŒtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.