Smack.txt - OpenGrok cross reference for /linux-4.4.14/Documentation/security/Smack.txt

Lines Matching refs:process
44 smackaccess - report if a process with one label has access
67 name space. A process must have CAP_MAC_ADMIN to change any of these
75 	of the process that created it.
77 	The Smack label of a process that execs a program file with
80 	Don't allow the file to be mmapped by a process whose Smack
81 	label does not allow all of the access permitted to a process
90 	creating process. If the object being created is a directory
106 A process can see the Smack label it is running with by
107 reading /proc/self/attr/current. A process with CAP_MAC_ADMIN
108 can set the process Smack by writing there.
206 	This interface allows process specific access rules to be
209 	restrictions on the process. The format is the same as for
212 	This interface allows process specific access rules to be
215 	restrictions on the process. The format is the same as for
253 	a process with CAP_MAC_ADMIN can write a label into this interface.
259 	This interface contains a list of labels to which the process can
261 	Normally a process can change its own label to any legal value, but only
262 	if it has CAP_MAC_ADMIN. This interface allows a process without
264 	A process without CAP_MAC_ADMIN can change its label only once. When it
389 of a process will usually be assigned by the system initialization
492 access rule that allows a process to create an object in that directory
494 of the directory, not the creating process. This makes it much easier
505 from the signaler to the recipient. Debugging a process requires both reading
510 one process to another requires that the sender have write access to the
524 The Smack label of a process can be read from /proc/<pid>/attr/current. A
525 process can read its own Smack label from /proc/self/attr/current. A
526 privileged process can change its own Smack label by writing to
527 /proc/self/attr/current but not the label of another process.
533 only be changed by a process with privilege.
537 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
538 CAP_MAC_OVERRIDE allows the process access to objects it would
539 be denied otherwise. CAP_MAC_ADMIN allows a process to change
545 transmissions. Every packet sent by a Smack process is tagged with its Smack
550 packet has write access to the receiving process and if that is not the case
652 Smack label associated with the process the only concern likely to arise is
653 whether the process has execute access to the program.
677 process can set the Smack label of a file system object with setxattr(2).
689 A privileged process can set the Smack label of outgoing packets with