1 files changed, 11 insertions, 0 deletions
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index 8a177e4b6e21..7a2d30c132e3 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -117,6 +117,17 @@ access2
 ambient
        This contains the Smack label applied to unlabeled network
        packets.
+change-rule
+        This interface allows modification of existing access control rules.
+        The format accepted on write is:
+                "%s %s %s %s"
+        where the first string is the subject label, the second the
+        object label, the third the access to allow and the fourth the
+        access to deny. The access strings may contain only the characters
+        "rwxat-". If a rule for a given subject and object exists it will be
+        modified by enabling the permissions in the third string and disabling
+        those in the fourth string. If there is no such rule it will be
+        created using the access specified in the third and the fourth strings.
 cipso
        This interface allows a specific CIPSO header to be assigned
        to a Smack label. The format accepted on write is:

diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt index 8a177e4b6e21..7a2d30c132e3 100644 --- a/Documentation/security/Smack.txt +++ b/Documentation/security/Smack.txt
@@ -117,6 +117,17 @@ access2
117	ambient	117	ambient
118	This contains the Smack label applied to unlabeled network	118	This contains the Smack label applied to unlabeled network
119	packets.	119	packets.
		120	change-rule
		121	This interface allows modification of existing access control rules.
		122	The format accepted on write is:
		123	"%s %s %s %s"
		124	where the first string is the subject label, the second the
		125	object label, the third the access to allow and the fourth the
		126	access to deny. The access strings may contain only the characters
		127	"rwxat-". If a rule for a given subject and object exists it will be
		128	modified by enabling the permissions in the third string and disabling
		129	those in the fourth string. If there is no such rule it will be
		130	created using the access specified in the third and the fourth strings.
120	cipso	131	cipso
121	This interface allows a specific CIPSO header to be assigned	132	This interface allows a specific CIPSO header to be assigned
122	to a Smack label. The format accepted on write is:	133	to a Smack label. The format accepted on write is: