WSL2-Linux-Kernel/Documentation/security
Rafal Krypa c0d77c8844 Smack: allow multiple labels in onlycap
Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to
processes running with the configured label. But having single privileged
label is not enough in some real use cases. On a complex system like Tizen,
there maybe few programs that need to configure Smack policy in run-time
and running them all with a single label is not always practical.
This patch extends onlycap feature for multiple labels. They are configured
in the same smackfs "onlycap" interface, separated by spaces.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
2015-06-02 11:53:42 -07:00
..
00-INDEX
IMA-templates.txt ima: added support for new kernel cmdline parameter ima_template_fmt 2014-10-13 08:39:02 -04:00
LSM.txt
SELinux.txt
Smack.txt Smack: allow multiple labels in onlycap 2015-06-02 11:53:42 -07:00
Yama.txt
apparmor.txt
credentials.txt
keys-ecryptfs.txt
keys-request-key.txt
keys-trusted-encrypted.txt
keys.txt KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y 2015-01-22 22:34:32 +00:00
tomoyo.txt