WSL2-Linux-Kernel/Documentation
Casey Schaufler e114e47377 Smack: Simplified Mandatory Access Control Kernel
Smack is the Simplified Mandatory Access Control Kernel.

Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC,
and other tasks. Smack is a kernel based scheme that requires
an absolute minimum of application support and a very small
amount of configuration data.

Smack uses extended attributes and
provides a set of general mount options, borrowing technics used
elsewhere. Smack uses netlabel for CIPSO labeling. Smack provides
a pseudo-filesystem smackfs that is used for manipulation of
system Smack attributes.

The patch, patches for ls and sshd, a README, a startup script,
and x86 binaries for ls and sshd are also available on

    http://www.schaufler-ca.com

Development has been done using Fedora Core 7 in a virtual machine
environment and on an old Sony laptop.

Smack provides mandatory access controls based on the label attached
to a task and the label attached to the object it is attempting to
access. Smack labels are deliberately short (1-23 characters) text
strings. Single character labels using special characters are reserved
for system use. The only operation applied to Smack labels is equality
comparison. No wildcards or expressions, regular or otherwise, are
used. Smack labels are composed of printable characters and may not
include "/".

A file always gets the Smack label of the task that created it.

Smack defines and uses these labels:

    "*" - pronounced "star"
    "_" - pronounced "floor"
    "^" - pronounced "hat"
    "?" - pronounced "huh"

The access rules enforced by Smack are, in order:

1. Any access requested by a task labeled "*" is denied.
2. A read or execute access requested by a task labeled "^"
   is permitted.
3. A read or execute access requested on an object labeled "_"
   is permitted.
4. Any access requested on an object labeled "*" is permitted.
5. Any access requested by a task on an object with the same
   label is permitted.
6. Any access requested that is explicitly defined in the loaded
   rule set is permitted.
7. Any other access is denied.

Rules may be explicitly defined by writing subject,object,access
triples to /smack/load.

Smack rule sets can be easily defined that describe Bell&LaPadula
sensitivity, Biba integrity, and a variety of interesting
configurations. Smack rule sets can be modified on the fly to
accommodate changes in the operating environment or even the time
of day.

Some practical use cases:

Hierarchical levels. The less common of the two usual uses
for MLS systems is to define hierarchical levels, often
unclassified, confidential, secret, and so on. To set up smack
to support this, these rules could be defined:

   C        Unclass rx
   S        C       rx
   S        Unclass rx
   TS       S       rx
   TS       C       rx
   TS       Unclass rx

A TS process can read S, C, and Unclass data, but cannot write it.
An S process can read C and Unclass. Note that specifying that
TS can read S and S can read C does not imply TS can read C, it
has to be explicitly stated.

Non-hierarchical categories. This is the more common of the
usual uses for an MLS system. Since the default rule is that a
subject cannot access an object with a different label no
access rules are required to implement compartmentalization.

A case that the Bell & LaPadula policy does not allow is demonstrated
with this Smack access rule:

A case that Bell&LaPadula does not allow that Smack does:

    ESPN    ABC   r
    ABC     ESPN  r

On my portable video device I have two applications, one that
shows ABC programming and the other ESPN programming. ESPN wants
to show me sport stories that show up as news, and ABC will
only provide minimal information about a sports story if ESPN
is covering it. Each side can look at the other's info, neither
can change the other. Neither can see what FOX is up to, which
is just as well all things considered.

Another case that I especially like:

    SatData Guard   w
    Guard   Publish w

A program running with the Guard label opens a UDP socket and
accepts messages sent by a program running with a SatData label.
The Guard program inspects the message to ensure it is wholesome
and if it is sends it to a program running with the Publish label.
This program then puts the information passed in an appropriate
place. Note that the Guard program cannot write to a Publish
file system object because file system semanitic require read as
well as write.

The four cases (categories, levels, mutual read, guardbox) here
are all quite real, and problems I've been asked to solve over
the years. The first two are easy to do with traditonal MLS systems
while the last two you can't without invoking privilege, at least
for a while.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: Joshua Brindle <method@manicmethod.com>
Cc: Paul Moore <paul.moore@hp.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: James Morris <jmorris@namei.org>
Cc: "Ahmed S. Darwish" <darwish.07@gmail.com>
Cc: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-05 09:44:20 -08:00
..
ABI USB: Add documentation for USB suspend statistics. 2008-02-01 14:35:00 -08:00
DocBook docbook: rapidio: fix fatal filename error 2008-02-01 21:11:40 +11:00
RCU Preempt-RCU: update RCU Documentation. 2008-01-25 21:08:25 +01:00
accounting make getdelays cgroupstats aware 2007-11-14 18:45:38 -08:00
aoe Fix typos in Documentation/: 'D'-'E' 2006-10-03 22:47:42 +02:00
arm fix typo 'the same the\>' 2008-02-03 14:59:11 +02:00
auxdisplay documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
blackfin Blackfin arch: kgdb specific code 2007-06-29 16:35:17 +08:00
block Add Documentation/block/00-INDEX 2007-10-16 10:11:28 +02:00
cdrom Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
connector some kmalloc/memset ->kzalloc (tree wide) 2007-07-19 10:04:50 -07:00
console Typo: fro -> from 2007-07-19 10:04:47 -07:00
cpu-freq [ARM] pxa: add cpufreq support 2008-01-26 15:07:52 +00:00
cris
crypto [CRYPTO] doc: Update api-intro.txt 2008-01-11 08:16:14 +11:00
device-mapper dm: uevent generate events 2007-10-20 02:01:26 +01:00
driver-model Driver core: Update some prototypes in platform.txt 2008-02-02 15:14:49 -08:00
drivers/edac drivers/edac: add to edac docs 2007-07-19 10:04:57 -07:00
dvb V4L/DVB (7077): bt878: remove handcrafted PCI subsystem ID check 2008-01-25 19:05:22 -02:00
early-userspace docs: ramdisk/initrd/initramfs corrections 2007-10-17 08:42:56 -07:00
fault-injection fault-injection: fix example scripts in documentation 2007-07-16 09:05:45 -07:00
fb typo fixes 2007-10-20 01:34:40 +02:00
filesystems Document lowmem_reserve_ratio 2008-02-05 09:44:19 -08:00
firmware_class doc firmware_sample_firmware_class.c: kmalloc + memset conversion to kzalloc 2007-10-17 08:42:50 -07:00
frv move frv docs one level up 2008-02-03 15:54:28 +02:00
hrtimer Add a flag to indicate deferrable timers in /proc/timer_stats 2007-07-16 09:05:45 -07:00
hrtimers [PATCH] hrtimers: move and add documentation 2007-02-16 08:13:58 -08:00
hwmon hwmon: Add power meter spec to Documentation/hwmon/sysfs-interface 2007-11-08 08:42:45 -05:00
i2c deprecate obsolete pca9539 driver 2008-02-05 09:44:13 -08:00
i2o documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
i386 x86 boot: document for 32 bit boot protocol 2007-10-30 00:22:22 +01:00
ia64 typo fixes 2007-10-20 01:34:40 +02:00
ide ide-tape: move historical changelog to Documentation/ide/ChangeLog.ide-tape.1995-2002 2008-02-02 19:56:48 +01:00
infiniband IB/umad: Add P_Key index support 2007-10-09 19:59:15 -07:00
input typo fixes 2007-10-20 01:34:40 +02:00
ioctl [PATCH] Document how to decode an IOCTL number 2006-12-10 09:55:40 -08:00
isdn spelling fixes: Documentation/ 2007-10-20 01:30:25 +02:00
ja_JP Add ja_JP translation of stable_kernel_rules.txt 2008-02-02 15:14:48 -08:00
kbuild kconfig: document use of HAVE_* 2008-01-28 23:21:19 +01:00
kdump Add documentation for extended crashkernel syntax 2007-10-19 11:53:51 -07:00
ko_KR HOWTO: update misspelling and word incorrected 2007-12-17 10:33:19 -08:00
lguest virtio: reset function 2008-02-04 23:50:03 +11:00
m68k [SCSI] 53c7xx: fix removal fallout 2008-01-11 18:22:30 -06:00
make Documentation/make/headers_install.txt 2007-10-17 08:43:05 -07:00
mips [MIPS] remove Documentation/mips/GT64120.README 2008-01-29 10:15:05 +00:00
namespaces The namespaces compatibility list doc 2007-11-29 09:24:53 -08:00
netlabel Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
networking Documentation: "decnet=" should read "decnet.addr=". 2008-02-03 15:18:45 +02:00
parisc
pcmcia pcmcia: replace kio_addr_t with unsigned int everywhere 2008-02-05 09:44:08 -08:00
power PM: Remove obsolete /sys/devices/.../power/state docs 2008-02-01 18:30:59 -05:00
powerpc [POWERPC] fsl_spi: stop using device_type = "spi" 2008-01-28 08:32:58 -06:00
s390 [S390] cio: Dump ccw device information in case of timeout. 2008-01-26 14:10:55 +01:00
scsi [SCSI] aacraid: add Voodoo Lite class of cards. 2008-01-23 11:29:34 -06:00
serial [SERIAL] Update parity handling documentation 2006-06-02 17:47:26 +01:00
sh sh: SH7722 clock framework support. 2007-05-07 02:11:56 +00:00
sound [ALSA] hda-codec - Add Dell T3400 support 2008-01-31 17:30:22 +01:00
sparc [SPARC/64]: Prepare to remove of_platform_driver name. 2007-10-13 21:53:11 -07:00
spi Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
sysctl mm/page-writeback: highmem_is_dirtyable option 2008-02-05 09:44:18 -08:00
telephony Add a 00-INDEX file to Documentation/telephony/ 2007-10-17 08:43:05 -07:00
uml Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
usb USB: add Printer Gadget Driver 2008-02-01 14:34:49 -08:00
video4linux V4L/DVB (7043): New card supported(partially): Pinnacle 800i 2008-01-25 19:05:06 -02:00
vm kset: move /sys/slab to /sys/kernel/slab 2008-01-24 20:40:16 -08:00
w1 Add Documentation/{w1,w1/masters}/00-INDEX 2007-10-17 08:43:06 -07:00
watchdog [WATCHDOG] clarify watchdog operation in documentation 2008-01-18 21:23:05 +00:00
x86_64 documentation: add Documentation/x86-64/00-INDEX 2008-02-04 16:48:02 +01:00
zh_CN Chinese: add translation of Codingstyle 2008-01-24 20:40:04 -08:00
00-INDEX move frv docs one level up 2008-02-03 15:54:28 +02:00
BUG-HUNTING Documentation/BUG-HUNTING whitespace cleanup 2008-02-03 16:26:36 +02:00
Changes [x86 setup] Document grub < 0.93 as broken 2007-08-02 13:50:43 -04:00
CodingStyle CodingStyle: relax the 80-cole rule 2007-10-17 08:42:55 -07:00
DMA-API.txt dma_free_coherent() needs irqs enabled (sigh) 2007-10-12 15:03:15 -07:00
DMA-ISA-LPC.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
DMA-mapping.txt Update DMA-mapping documentation 2007-10-17 08:43:06 -07:00
HOWTO Change man-pages maintainer address 2007-10-17 08:43:01 -07:00
IO-mapping.txt
IPMI.txt IPMI: new NMI handling 2007-10-18 14:37:32 -07:00
IRQ-affinity.txt
IRQ.txt [PATCH] genirq: irq: document what an IRQ is 2006-06-29 10:26:25 -07:00
Intel-IOMMU.txt Intel IOMMU: Iommu Gfx workaround 2007-10-22 08:13:19 -07:00
MSI-HOWTO.txt PCI: Remove no longer correct documentation regarding MSI vector assignment 2007-10-12 15:03:16 -07:00
ManagementStyle Fix this Paul Simon song's name 2007-09-13 08:11:10 -07:00
PCIEBUS-HOWTO.txt
README.DAC960 [PATCH] devfs: Last little devfs cleanups throughout the kernel tree. 2006-06-26 12:25:09 -07:00
README.cycladesZ
SAK.txt
SM501.txt Tweak Documentation/SM501.txt 2007-10-17 08:43:06 -07:00
SecurityBugs
Smack.txt Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
SubmitChecklist Documentation: Fix typo in SubmitChecklist. 2007-10-20 03:13:09 +02:00
SubmittingDrivers Update 2.4 maintainer in document 2007-10-20 02:02:12 +02:00
SubmittingPatches Documentation: mention email-clients.txt in SubmittingPatches 2008-02-03 18:06:58 +02:00
VGA-softcursor.txt
applying-patches.txt [PATCH] Docs update: typos, corrections and additions to applying-patches.txt 2006-01-10 08:01:54 -08:00
atomic_ops.txt bitops: introduce lock ops 2007-10-18 14:37:29 -07:00
basic_profiling.txt
binfmt_misc.txt documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
cachetlb.txt remove unused flush_tlb_pgtables 2007-10-19 11:53:34 -07:00
cciss.txt Documentation: cciss: detecting failed drives 2007-05-08 11:15:10 -07:00
cgroups.txt Task Control Groups: shared cgroup subsystem group arrays 2007-10-19 11:53:36 -07:00
cli-sti-removal.txt
computone.txt remove mentionings of devfs in documentation 2006-10-03 22:17:48 +02:00
cpqarray.txt
cpu-hotplug.txt [S390] Get rid of additional_cpus kernel parameter. 2008-01-26 14:11:15 +01:00
cpu-load.txt [PATCH] Documentation: CPU load calculation description 2007-03-01 14:53:39 -08:00
cpusets.txt cpuset sched_load_balance flag 2007-10-19 11:53:41 -07:00
cputopology.txt Fix typos in Documentation/: 'D'-'E' 2006-10-03 22:47:42 +02:00
dcdbas.txt [PATCH] dcdbas: add Dell Systems Management Base Driver with sysfs support 2005-09-07 16:57:27 -07:00
debugging-modules.txt Documentation: Clarify when module debugging actually works. 2008-02-03 15:27:38 +02:00
debugging-via-ohci1394.txt x86: early boot debugging via FireWire (ohci1394_dma=early) 2008-01-30 13:34:11 +01:00
dell_rbu.txt Fix typos in Documentation/: 'N'-'P' 2006-10-03 22:52:05 +02:00
devices.txt typo fixes 2007-10-20 01:34:40 +02:00
digiepca.txt typo fixes: aquire -> acquire 2006-06-30 18:23:04 +02:00
dnotify.txt
dontdiff [SCSI] 53c7xx: fix removal fallout 2008-01-11 18:22:30 -06:00
eisa.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
email-clients.txt doc: about email clients for Linux patches 2007-10-17 08:42:57 -07:00
exception.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
feature-removal-schedule.txt USB: mark USB drivers as being GPL only 2008-02-01 14:35:07 -08:00
floppy.txt [PATCH] kernel Doc/ URL corrections 2005-11-22 09:14:30 -08:00
gpio.txt gpiolib: update Documentation/gpio.txt 2008-02-05 09:44:13 -08:00
hayes-esp.txt
highuid.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
hpet.txt hpet.txt: broken link fix 2007-07-31 15:39:42 -07:00
hw_random.txt
ide.txt ide: remove broken disk byte-swapping support 2008-01-26 20:13:09 +01:00
initrd.txt use the newc archive format as requested by initramfs 2008-02-03 14:54:41 +02:00
io_ordering.txt
ioctl-number.txt ocfs2: Reserve ioctl range 2008-01-25 14:48:57 -08:00
iostats.txt [BLOCK] Get rid of request_queue_t typedef 2007-07-24 09:28:11 +02:00
irqflags-tracing.txt [PATCH] lockdep: irqtrace subsystem, docs 2006-07-03 15:27:03 -07:00
isapnp.txt
java.txt Documentation/java.txt: typo and grammar fixes 2007-10-20 02:37:21 +02:00
kernel-doc-nano-HOWTO.txt [PATCH] Discuss a couple common errors in kernel-doc usage. 2007-02-11 10:51:32 -08:00
kernel-docs.txt typo fixes 2007-10-20 01:34:40 +02:00
kernel-parameters.txt Documentation: Remove references to dead "st0x" and "tmc8xx" parms. 2008-02-03 15:23:00 +02:00
keys-request-key.txt KEYS: Make request_key() and co fundamentally asynchronous 2007-10-17 08:42:57 -07:00
keys.txt KEYS: Make request_key() and co fundamentally asynchronous 2007-10-17 08:42:57 -07:00
kobject.txt kobject: update the kobject/kset documentation 2008-01-24 20:40:41 -08:00
kprobes.txt ARM kprobes: let's enable it 2008-01-26 15:25:17 +00:00
kref.txt Fix wrong identifier name in Documentation/kref.txt 2007-05-11 19:07:14 +02:00
laptop-mode.txt laptop-mode URL update 2007-05-08 11:15:14 -07:00
ldm.txt LDM: Fix for Windows Vista dynamic disks 2007-05-21 09:58:40 -07:00
leds-class.txt [PATCH] LED: class documentation 2006-03-31 12:18:56 -08:00
local_ops.txt Revert "local_t Documentation update" 2008-01-17 15:38:59 -08:00
lockdep-design.txt [PATCH] fix lockdep-design.txt 2006-10-11 11:14:24 -07:00
lockstat.txt lockstat: documentation 2007-10-07 16:28:43 -07:00
logo.gif
logo.txt
magic-number.txt Magic number prefix consistency change to Documentation/magic-number.txt 2007-05-09 08:58:18 +02:00
markers.txt Linux Kernel Markers: document format string 2007-11-14 18:45:40 -08:00
mca.txt Fix some typos in Documentation/: 'A' 2006-10-03 22:45:33 +02:00
md.txt md: allow reshape_position for md arrays to be set via sysfs 2007-05-09 12:30:57 -07:00
memory-barriers.txt bitops: introduce lock ops 2007-10-18 14:37:29 -07:00
memory-hotplug.txt memory hotplug: document the memory hotplug notifier 2007-10-22 08:13:17 -07:00
memory.txt
mono.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
moxa-smartio
mtrr.txt [PATCH] Doc: fix mtrr userspace programs to build cleanly 2006-04-11 06:18:44 -07:00
mutex-design.txt Documentation: Add nested versions of mutex locks to docs 2007-10-20 00:15:26 +02:00
nbd.txt
nfsroot.txt [IPV4] ipconfig: Fix regression in ip command line processing 2008-01-08 23:29:58 -08:00
nmi_watchdog.txt
nommu-mmap.txt [PATCH] NOMMU: Make futexes work under NOMMU conditions 2006-09-27 08:26:15 -07:00
numastat.txt
oops-tracing.txt Report that kernel is tainted if there was an OOPS 2007-07-17 10:23:02 -07:00
paride.txt
parport-lowlevel.txt plip: fix parport_register_device name parameter 2007-11-26 19:39:01 -08:00
parport.txt
pci-error-recovery.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
pci.txt PCI: Remove pci_enable_device_bars() from documentation 2008-02-01 15:04:28 -08:00
pcieaer-howto.txt documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
pi-futex.txt fix a typo in Documentation/pi-futex.txt 2006-10-03 23:39:02 +02:00
pm.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
pnp.txt Documentation: Replace obsolete "driverfs" with "sysfs". 2008-01-24 20:40:04 -08:00
power_supply_class.txt power_supply: add few more values and props 2008-02-02 02:43:00 +03:00
preempt-locking.txt
prio_tree.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
ramdisk.txt Remove final traces of long-deprecated "ramdisk" kernel parm 2007-10-17 08:42:56 -07:00
rbtree.txt [PATCH] Documentation/rbtree.txt 2007-02-11 10:51:35 -08:00
rfkill.txt [RFKILL]: Add rfkill documentation 2007-10-10 16:49:24 -07:00
riscom8.txt
robust-futex-ABI.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
robust-futexes.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
rocket.txt Fix typos in Documentation/: 'S' 2006-10-03 22:55:17 +02:00
rpc-cache.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
rt-mutex-design.txt [PATCH] typo fixes for rt-mutex-design.txt 2006-10-01 00:39:24 -07:00
rt-mutex.txt [PATCH] pi-futex: rt mutex docs 2006-06-27 17:32:47 -07:00
rtc.txt rtc: tweak driver documentation for rtc periodic 2007-11-14 18:45:37 -08:00
sched-arch.txt [PATCH] sched: resched and cpu_idle rework 2005-11-09 07:56:33 -08:00
sched-coding.txt Fix typos in Documentation/: 'H'-'M' 2006-10-03 22:50:39 +02:00
sched-design-CFS.txt sched: group scheduling, sysfs tunables 2007-10-15 17:00:14 +02:00
sched-design.txt Fix typos in Documentation/: 'H'-'M' 2006-10-03 22:50:39 +02:00
sched-domains.txt
sched-nice-design.txt sched: document nice levels 2007-08-09 11:16:46 +02:00
sched-stats.txt [PATCH] sched: update Documentation/sched-stats.txt 2007-07-26 13:40:43 +02:00
serial-console.txt [PATCH] doc: more serial-console info 2006-03-25 08:23:00 -08:00
sgi-ioc4.txt
sgi-visws.txt
sharedsubtree.txt Fix compiler warning in smount example program from sharedsubtree.txt 2007-10-20 02:44:34 +02:00
smart-config.txt kbuild: remove checkconfig.pl 2006-02-19 09:51:22 +01:00
sony-laptop.txt sony-laptop: update documentation and Kconfig help 2007-04-10 16:01:19 -04:00
sonypi.txt documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
sparse.txt [PATCH] update 'getting sparse' info. 2007-03-08 16:47:58 -08:00
specialix.txt
spinlocks.txt docs: static initialization of spinlocks is OK 2007-07-16 09:05:52 -07:00
stable_api_nonsense.txt stable_api_nonsense.txt: Disambiguate the use of "this" by using "that" to refer to the syscall interface 2007-07-30 14:25:12 -07:00
stable_kernel_rules.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
stallion.txt
svga.txt
sx.txt
sysfs-rules.txt Fix Doc/sysfs-rules typos 2007-07-30 14:25:12 -07:00
sysrq.txt sysrq docs: document sequence that actually works 2007-10-07 16:28:43 -07:00
thinkpad-acpi.txt ACPI: thinkpad-acpi: bump up version to 0.17 2007-11-05 13:07:11 -05:00
tty.txt termios: document callback more clearly 2007-11-29 09:24:52 -08:00
unicode.txt
unshare.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
video-output.txt output: Add output class document 2006-12-20 01:46:58 -05:00
volatile-considered-harmful.txt "volatile considered harmful" 2007-06-24 08:59:11 -07:00
voyager.txt
zorro.txt

README.cycladesZ

The Cyclades-Z must have firmware loaded onto the card before it will
operate.  This operation should be performed during system startup,

The firmware, loader program and the latest device driver code are
available from Cyclades at
    ftp://ftp.cyclades.com/pub/cyclades/cyclades-z/linux/