Smack: implement revoking all rules for a subject label

Add /smack/revoke-subject special file. Writing a SMACK label to this file will set the access to '-' for all access rules with that subject label. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
2012-07-11 17:49:30 +02:00 · 2012-07-11 17:49:30 +02:00 · 449543b043
commit 449543b043
parent c00bedb368
2 changed files with 78 additions and 0 deletions
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@ -194,6 +194,9 @@ onlycap
 	these capabilities are effective at for processes with any
 	label. The value is set by writing the desired label to the
 	file or cleared by writing "-" to the file.
+revoke-subject
+	Writing a Smack label here sets the access to '-' for all access
+	rules with that subject label.

 You can add access rules in /etc/smack/accesses. They take the form: