author Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> 2014-03-11 12:07:06 -0400
committer Casey Schaufler <casey@schaufler-ca.com> 2014-04-11 17:34:35 -0400
commit 668678185247303450e60df14569f94cf5775fea
tree 2f2b77d7a2769745699e48685c9dbf26d8dd0c98 /Documentation/security
parent 5663884caab166f87ab8c68ec7c62b1cce85a400
Smack: adds smackfs/ptrace interface
This allows to limit ptrace beyond the regular smack access rules. It adds a smackfs/ptrace interface that allows smack to be configured to require equal smack labels for PTRACE_MODE_ATTACH access. See the changes in Documentation/security/Smack.txt below for details.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- Documentation/security/Smack.txt 10
1 files changed, 10 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index 7a2d30c132e3..5597917703e0 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -204,6 +204,16 @@ onlycap
204 these capabilities are effective at for processes with any 204 these capabilities are effective at for processes with any
205 label. The value is set by writing the desired label to the 205 label. The value is set by writing the desired label to the
206 file or cleared by writing "-" to the file. 206 file or cleared by writing "-" to the file.
207ptrace
208 This is used to define the current ptrace policy
209 0 - default: this is the policy that relies on smack access rules.
210 For the PTRACE_READ a subject needs to have a read access on
211 object. For the PTRACE_ATTACH a read-write access is required.
212 1 - exact: this is the policy that limits PTRACE_ATTACH. Attach is
213 only allowed when subject's and object's labels are equal.
214 PTRACE_READ is not affected. Can be overriden with CAP_SYS_PTRACE.
215 2 - draconian: this policy behaves like the 'exact' above with an
216 exception that it can't be overriden with CAP_SYS_PTRACE.
207revoke-subject 217revoke-subject
208 Writing a Smack label here sets the access to '-' for all access 218 Writing a Smack label here sets the access to '-' for all access
209 rules with that subject label. 219 rules with that subject label.
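Review bot: the added ptrace entry (new lines 207-216) lists the values 0, 1 and 2 but never says how the policy is selected, whereas the onlycap entry just above it states "The value is set by writing the desired label to the file"; add a sentence saying that the number is written to the file. The entry also names PTRACE_READ and PTRACE_ATTACH while the commit message refers to PTRACE_MODE_ATTACH, so the PTRACE_MODE_* names should be used consistently, and "overriden" on lines 214 and 216 should be "overridden". Since 'draconian' is defined as not overridable with CAP_SYS_PTRACE, the text should also say whether the policy can be lowered again once it has been raised.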