Lines Matching full:are
15 are encouraged to compare Smack with the other mechanisms
22 - Basic utilities, which are helpful but not required
32 configurations are intolerant of IP options and can impede
44 There are five commands included in smackutil:
56 These two commands are obsolete with the introduction of
78 objects. The attributes are stored in the extended attribute security
82 The extended attributes that Smack uses are:
118 There are multiple ways to set a Smack label on a file::
177 The following numbers are the categories::
189 The following numbers are the categories::
203 treated as single label hosts. Packets are sent to single
206 are given the specified label. The format accepted on write is::
227 permissions that are not allowed. The string "r-x--" would
228 specify read and execute access. Labels are limited to 23
242 permissions that are not allowed. The string "r-x--" would
249 defined. These rules are only consulted if access would
250 otherwise be permitted, and are intended to provide additional
256 defined. These rules are only consulted if access would
257 otherwise be permitted, and are intended to provide additional
270 treated as single label hosts. Packets are sent to single
273 received from single label hosts are given the specified
284 these capabilities are effective at for processes with any
285 label. The values are set by writing the desired labels, separated
298 only allowed when subject's and object's labels are equal.
325 The values are set by writing the desired labels, separated
328 If you are using the smackload utility
350 allow the program or user to decide what other programs or users are allowed
351 access to pieces of data. These schemes are called discretionary access
354 program can access up to users or programs. These schemes are called mandatory
372 This scheme organizes users, programs, and data into domains that are
384 LaPadula are addressed by providing a scheme whereby access can be controlled
395 pick up. There are four terms that are used in a specific way and that are
415 These definitions are consistent with the traditional use in the security
416 community. There are also some terms from Linux that are likely to crop up:
441 Smack labels are ASCII character strings. They can be up to 255 characters
444 other than a letter or digit, are reserved for use by the Smack development
445 team. Smack labels are unstructured, case sensitive, and the only operation
451 There are some predefined labels::
466 Smack uses the traditional access modes of Linux. These modes are read,
467 execute, write, and occasionally append. There are a few cases where the
479 attached to the object it is trying to access. The rules enforced are, in
497 With the isolation provided by Smack access separation is simple. There are
524 Uppercase values for the specification letters are allowed as well.
526 are::
536 Examples of unacceptable rules are::
542 Spaces are not allowed in labels. Since a subject always has access to files
544 valid letters (rwxatbRWXATB) and the dash ('-') character are allowed in
552 schemes and concepts from other systems. Most often, the other systems are
577 namespaces and access requests are only required to match the object in
587 Sockets are data structures attached to processes and sending a packet from
595 system startup. The contents are written to the special file
647 Solaris system, but there are other, less widely deployed systems out there.
655 The label and category set are mapped to a Smack label as defined in
671 The ":" and "," characters are permitted in a Smack label but have no special
686 There are two attributes that are associated with sockets. These attributes
713 Entries in the /sys/fs/smackfs/netlabel file are matched by longest mask
736 There are three sorts of applications that will run on a Smack system. How an
758 These are special programs that not only know about Smack, but participate in
759 the enforcement of system policy. In most cases these are the programs that
760 set up user sessions. There are also network services that provide information
840 Events are logged as 'key=value' pairs, for each event you at least will get