WSL2-Linux-Kernel/Documentation/security
Rafal Krypa c0d77c8844 Smack: allow multiple labels in onlycap
Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to
processes running with the configured label. But having single privileged
label is not enough in some real use cases. On a complex system like Tizen,
there maybe few programs that need to configure Smack policy in run-time
and running them all with a single label is not always practical.
This patch extends onlycap feature for multiple labels. They are configured
in the same smackfs "onlycap" interface, separated by spaces.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
2015-06-02 11:53:42 -07:00
..
00-INDEX ima: new templates management mechanism 2013-10-25 17:17:04 -04:00
IMA-templates.txt ima: added support for new kernel cmdline parameter ima_template_fmt 2014-10-13 08:39:02 -04:00
LSM.txt doc: LSM: update reference, kerneltrap.org no longer works 2014-06-19 15:15:28 +02:00
SELinux.txt
Smack.txt Smack: allow multiple labels in onlycap 2015-06-02 11:53:42 -07:00
Yama.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
apparmor.txt
credentials.txt Documentation: clarify the purpose of LSMs 2011-11-16 12:37:27 +11:00
keys-ecryptfs.txt encrypted-keys: move ecryptfs documentation to proper location 2011-06-30 19:08:14 +10:00
keys-request-key.txt
keys-trusted-encrypted.txt Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
keys.txt KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y 2015-01-22 22:34:32 +00:00
tomoyo.txt