c0d77c8844
Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to processes running with the configured label. But having single privileged label is not enough in some real use cases. On a complex system like Tizen, there maybe few programs that need to configure Smack policy in run-time and running them all with a single label is not always practical. This patch extends onlycap feature for multiple labels. They are configured in the same smackfs "onlycap" interface, separated by spaces. Signed-off-by: Rafal Krypa <r.krypa@samsung.com> |
||
---|---|---|
.. | ||
00-INDEX | ||
IMA-templates.txt | ||
LSM.txt | ||
SELinux.txt | ||
Smack.txt | ||
Yama.txt | ||
apparmor.txt | ||
credentials.txt | ||
keys-ecryptfs.txt | ||
keys-request-key.txt | ||
keys-trusted-encrypted.txt | ||
keys.txt | ||
tomoyo.txt |