linux/Documentation
Casey Schaufler f7112e6c9a Smack: allow for significantly longer Smack labels v4
V4 updated to current linux-security#next
Targeted for git://gitorious.org/smack-next/kernel.git

Modern application runtime environments like to use
naming schemes that are structured and generated without
human intervention. Even though the Smack limit of 23
characters for a label name is perfectly rational for
human use there have been complaints that the limit is
a problem in environments where names are composed from
a set of sources, including vendor, author, distribution
channel and application name. Names like

	softwarehouse-pgwodehouse-coolappstore-mellowmuskrats

are becoming harder to avoid. This patch introduces long
label support in Smack. Labels are now limited to 255
characters instead of the old 23.

The primary reason for limiting the labels to 23 characters
was so they could be directly contained in CIPSO category sets.
This is still done where possible, but for labels that are too
large a mapping is required. This is perfectly safe for communication
that stays "on the box" and doesn't require much coordination
between boxes beyond what would have been required to keep label
names consistent.

The bulk of this patch is in smackfs, adding and updating
administrative interfaces. Because existing APIs can't be
changed, new ones that do much the same things as old ones
have been introduced.

The Smack specific CIPSO data representation has been removed
and replaced with the data format used by netlabel. The CIPSO
header is now computed when a label is imported rather than
on use. This results in improved IP performance. The smack
label is now allocated separately from the containing structure,
allowing for larger strings.

Four new /smack interfaces have been introduced as four
of the old interfaces strictly required labels be specified
in fixed length arrays.

The access interface is supplemented with the check interface:
	access  "Subject                 Object                  rwxat"
	access2 "Subject Object rwaxt"

The load interface is supplemented with the rules interface:
	load   "Subject                 Object                  rwxat"
	load2  "Subject Object rwaxt"

The load-self interface is supplemented with the self-rules interface:
	load-self   "Subject                 Object                  rwxat"
	load-self2  "Subject Object rwaxt"

The cipso interface is supplemented with the wire interface:
	cipso  "Subject                  lvl cnt  c1  c2 ..."
	cipso2 "Subject lvl cnt  c1  c2 ..."

The old interfaces are maintained for compatibility.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2012-05-14 22:48:38 -07:00
ABI HSI: Add HSI ABI documentation 2012-04-23 14:23:32 +03:00
accounting Documentation: update cgroupfs mount point 2011-06-15 21:52:50 -07:00
acpi Update documentation for parameter *notrigger* in einj.txt 2012-03-30 03:30:19 -04:00
aoe Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
arm Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
auxdisplay
backlight backlight: new backlight driver for LP855x devices 2012-03-23 16:58:33 -07:00
blackfin doc: fix broken references 2011-09-27 18:08:04 +02:00
block Documentation: drop as block elevator reference in switching-sched.txt 2011-11-04 12:01:48 -07:00
blockdev Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
cdrom doc: fix broken references 2011-09-27 18:08:04 +02:00
cgroups memcg: fix up documentation on global LRU 2012-04-12 13:12:11 -07:00
connector
console
cpu-freq Doc: cpufreq: Fix typo and outdated line 2011-11-08 10:23:29 +01:00
cpuidle cpuidle: add a sysfs entry to disable specific C state for debug purpose. 2012-03-30 01:52:58 -04:00
cris
crypto
development-process Documentation: Update stable address 2011-12-12 14:14:31 -08:00
device-mapper dm: add verity target 2012-03-28 18:43:38 +01:00
devicetree ARM: SoC fixes for 3.4-rc2 2012-04-05 22:13:39 -07:00
DocBook Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-04-21 12:43:23 -07:00
driver-model Merge remote-tracking branches 'regulator/topic/devm' and 'regulator/topic/stub' into regulator-next 2012-03-18 21:38:28 +00:00
dvb [media] lmedm04 RS2000 Firmware details 2012-03-19 14:55:55 -03:00
early-userspace
EDID drm: allow loading an EDID as firmware to override broken monitor 2012-03-20 10:09:28 +00:00
fault-injection fault-injection: update documentation with the mmc module param 2011-10-26 16:32:13 -04:00
fb Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
filesystems typo fix in Documentation/filesystems/vfs.txt 2012-04-09 01:39:24 -04:00
firmware_class
frv doc: fix broken references 2011-09-27 18:08:04 +02:00
hid HID: Move hiddev.txt to the new Documentation/hid directory 2011-03-22 11:43:51 +01:00
hwmon hwmon: (k10temp) Add support for AMD Trinity CPUs 2012-04-01 10:25:56 -07:00
i2c Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
i2o Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
ia64 Fix common misspellings 2011-03-31 11:26:23 -03:00
ide Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
infiniband
input Documentation: input.txt: clarify mousedev 'cat' command syntax 2012-03-30 16:03:15 -07:00
ioctl Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi 2012-04-02 09:50:40 -07:00
isdn Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
ja_JP Merge branch 'driver-core-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-07-25 23:06:24 -07:00
kbuild Documentation: mention scripts/diffconfig tool 2012-03-30 16:03:15 -07:00
kdump [S390] Add s390x description to Documentation/kdump/kdump.txt 2011-12-27 11:27:13 +01:00
ko_KR driver-core: documentation: fix up Greg's email address 2012-02-15 14:48:01 -08:00
laptops Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
leds drivers/leds/leds-lp5521.c: support led pattern data 2012-03-23 16:58:34 -07:00
m68k Documentation: add pointer to name_to_dev_t for root= values 2011-08-03 14:25:21 -10:00
make
mips Fix common misspellings 2011-03-31 11:26:23 -03:00
misc-devices Fix common misspellings 2011-03-31 11:26:23 -03:00
mmc mmc: core: Fixup delayed work clock gating patch 2012-01-11 23:58:43 -05:00
mn10300
mtd
namespaces
netlabel
networking doc, net: Update ndo_start_xmit return type and values 2012-04-06 02:43:13 -04:00
nfc
parisc
PCI doc: fix broken references 2011-09-27 18:08:04 +02:00
pcmcia
power PM / Freezer / Docs: Update documentation about freezing of tasks 2012-04-29 22:29:30 +02:00
powerpc Documentation/powerpc/mpc52xx.txt: Checkpatch cleanup 2012-03-18 23:59:34 +01:00
pps
prctl Documentation: prctl/seccomp_filter 2012-04-14 11:13:22 +10:00
pti Kernel documentation for the PTI feature. 2011-05-13 16:31:00 -07:00
ptp ptp: Added a brand new class driver for ptp clocks. 2011-05-23 13:01:00 -07:00
rapidio RapidIO: documentation update 2011-11-02 16:07:02 -07:00
RCU rcu: Call out dangers of expedited RCU primitives 2012-02-21 09:06:08 -08:00
s390 Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
scheduler sched: Remove sched_switch 2012-01-27 13:28:53 +01:00
scsi SCSI updates on 20120331 2012-03-31 13:31:23 -07:00
security Smack: allow for significantly longer Smack labels v4 2012-05-14 22:48:38 -07:00
serial Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
sh
sound ALSA: hda/realtek - Add a few ALC882 model strings back 2012-04-11 14:10:57 +02:00
sparc
spi spi: create a message queueing infrastructure 2012-03-07 19:19:48 -07:00
sysctl Documentation: add missing tainted bits to Documentation/sysctl/kernel.txt 2012-02-06 16:29:19 -08:00
target Documentation: Fix typo in tcm_mod_builder.py 2012-02-10 09:52:18 +01:00
telephony Fix common misspellings 2011-03-31 11:26:23 -03:00
thermal thermal: Rename generate_netlink_event 2012-01-23 03:15:25 -05:00
timers doc: fix broken references 2011-09-27 18:08:04 +02:00
trace Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-03-20 21:12:50 -07:00
usb USB documentation: explain lifetime rules for unlinking URBs 2012-04-06 13:54:00 -07:00
vDSO Document the vDSO and add a reference parser 2011-07-14 17:57:09 -07:00
video4linux Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
virtual Merge branch 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2012-03-28 14:35:31 -07:00
vm mm: move hugepage test examples to tools/testing/selftests/vm 2012-03-28 17:14:37 -07:00
w1 Fix common misspellings 2011-03-31 11:26:23 -03:00
watchdog watchdog: Add support for WDIOC_GETTIMELEFT IOCTL in watchdog core 2012-03-27 20:15:37 +02:00
wimax
x86 x86-64, doc: Remove int 0xcc from entry_64.S documentation 2011-08-16 08:04:08 -07:00
zh_CN Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
.gitignore
00-INDEX crc32: move long comment about crc32 fundamentals to Documentation/ 2012-03-23 16:58:37 -07:00
applying-patches.txt
atomic_ops.txt doc: Add load/store guarantees to Documentation/atomic-ops.txt 2011-12-11 10:31:58 -08:00
bad_memory.txt
basic_profiling.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
cachetlb.txt mm: convert mm->cpu_vm_cpumask into cpumask_var_t 2011-05-25 08:39:21 -07:00
Changes Documentation/Changes: remove some really obsolete text 2011-07-11 16:48:38 -07:00
circular-buffers.txt
clk.txt Documentation: common clk API 2012-03-16 20:35:01 +00:00
coccinelle.txt coccinelle.txt: update documentation to include M= option 2012-01-14 22:25:56 +01:00
CodingStyle Documentation: CodingStyle: add inline assembly guidelines 2012-03-30 16:03:15 -07:00
cpu-hotplug.txt documentation: remove references to cpu_*_map. 2012-03-29 15:38:31 +10:30
cpu-load.txt
cputopology.txt
crc32.txt crc32: move long comment about crc32 fundamentals to Documentation/ 2012-03-23 16:58:37 -07:00
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt Fix common misspellings 2011-03-31 11:26:23 -03:00
devices.txt vhost-net: add module alias (v2.1) 2012-01-13 10:12:23 -08:00
digsig.txt crypto: digital signature verification support 2011-11-09 12:10:37 +02:00
DMA-API-HOWTO.txt Documentation/DMA-API-HOWTO.txt: fix misleading example 2011-07-26 16:49:45 -07:00
DMA-API.txt include/linux/dma-mapping.h: add dma_zalloc_coherent() 2011-11-02 16:07:02 -07:00
DMA-attributes.txt common: DMA-mapping: add NON-CONSISTENT attribute 2012-03-28 16:36:44 +02:00
dma-buf-sharing.txt dma-buf: document fd flags and O_CLOEXEC requirement 2012-03-26 11:33:22 +05:30
DMA-ISA-LPC.txt
dmaengine.txt Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
dontdiff Documentation: remove 'mach' from dontdiff file 2012-03-30 16:03:15 -07:00
dynamic-debug-howto.txt dynamic_debug: process multiple debug-queries on a line 2012-01-24 12:50:36 -08:00
edac.txt EDAC: Correct scrub rate API 2012-03-19 12:03:58 +01:00
eisa.txt Fix common misspellings 2011-03-31 11:26:23 -03:00
email-clients.txt Documentation: email-clients: Add better Thunderbird information 2011-08-13 18:34:03 -07:00
feature-removal-schedule.txt Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-04-12 15:16:26 -07:00
flexible-arrays.txt flex_array: flex_array_prealloc takes a number of elements, not an end 2011-04-28 16:12:47 -04:00
futex-requeue-pi.txt
gcov.txt
gpio.txt Documentation/gpio.txt: Explain expected pinctrl interaction 2012-03-12 11:27:07 -06:00
highuid.txt
HOWTO Documentation: Update stable address 2011-12-12 14:14:31 -08:00
hw_random.txt
hwspinlock.txt hwspinlock/core: register a bank of hwspinlocks in a single API call 2011-09-21 19:45:34 +03:00
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt Documentation/iostats.txt: bit-size reference etc. 2011-03-23 20:44:18 +01:00
IPMI.txt
IRQ-affinity.txt bitmap, irq: add smp_affinity_list interface to /proc/irq 2011-05-25 08:39:45 -07:00
IRQ-domain.txt irq_domain: add documentation and MAINTAINERS entry. 2012-02-14 14:06:47 -07:00
IRQ.txt
irqflags-tracing.txt Fix common misspellings 2011-03-31 11:26:23 -03:00
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt
kernel-docs.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
kernel-parameters.txt Merge branch 'for-3.4' of git://linux-nfs.org/~bfields/linux 2012-03-29 14:53:25 -07:00
kmemcheck.txt
kmemleak.txt kmemleak: Handle percpu memory allocation 2011-12-02 16:12:42 +00:00
kobject.txt driver-core: documentation: fix up Greg's email address 2012-02-15 14:48:01 -08:00
kprobes.txt
kref.txt kref: Fix typo in kref documentation 2011-03-07 13:20:05 -08:00
ldm.txt
local_ops.txt
lockdep-design.txt lockdep: Update documentation for lock-class leak detection 2011-12-11 10:31:23 -08:00
lockstat.txt Documentation: Add statistics about nested locks 2011-05-28 17:03:29 +02:00
lockup-watchdogs.txt watchdog: Update documentation 2012-02-11 15:11:28 +01:00
logo.gif
logo.txt
magic-number.txt drivers/net: fix up stale paths from driver reorg 2012-01-30 12:54:40 -05:00
Makefile mm: move hugepage test examples to tools/testing/selftests/vm 2012-03-28 17:14:37 -07:00
ManagementStyle
mca.txt doc: fix wrong arch/i386 references 2011-06-13 13:43:05 +02:00
md.txt md: create externally visible flags for supporting hot-replace. 2011-12-23 10:17:51 +11:00
media-framework.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
memory-barriers.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
memory-hotplug.txt
memory.txt
mono.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
mutex-design.txt
nommu-mmap.txt
numastat.txt Doc: Update numastat.txt 2012-02-28 16:05:06 +01:00
oops-tracing.txt module,bug: Add TAINT_OOT_MODULE flag for modules not built in-tree 2011-11-07 07:54:42 +10:30
padata.txt
parport-lowlevel.txt
parport.txt Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
pi-futex.txt
pinctrl.txt pinctrl: enhance mapping table to support pin config operations 2012-03-05 11:25:11 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt Documentation: update printk-formats.txt 2011-06-15 21:52:50 -07:00
prio_tree.txt
ramoops.txt Documentation: add Ramoops usage description 2011-08-13 18:34:03 -07:00
rbtree.txt Documentation: Update augmented rbtree documentation 2011-07-24 10:03:05 -07:00
remoteproc.txt remoteproc: remove the single rpmsg vdev limitation 2012-03-06 19:14:12 +02:00
rfkill.txt doc: fix broken references 2011-09-27 18:08:04 +02:00
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt rpmsg: add virtio-based remote processor messaging bus 2012-02-08 22:53:58 +02:00
rt-mutex-design.txt
rt-mutex.txt
rtc.txt RTC: Fix up rtc.txt documentation to reflect changes to generic rtc layer 2011-03-09 11:25:10 -08:00
SAK.txt
SecurityBugs Fix common misspellings 2011-03-31 11:26:23 -03:00
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
sparse.txt
spinlocks.txt Documentation/spinlocks.txt: Remove reference to sti()/cli() 2011-07-11 12:45:04 -07:00
stable_api_nonsense.txt doc: stable_api_nonsense.txt: fix paragraph to make more sense. 2011-03-30 12:02:05 +02:00
stable_kernel_rules.txt stable: update documentation to ask for kernel version 2012-01-24 10:50:22 -08:00
static-keys.txt static keys: Add docs better explaining the whole 'struct static_key' mechanism 2012-02-24 09:12:19 +01:00
SubmitChecklist Documentation/SubmitChecklist: add RCU debug config options 2011-07-25 20:57:17 -07:00
SubmittingDrivers Documentation: SubmittingDrivers: fix Linus's git tree URL 2011-08-13 18:34:03 -07:00
SubmittingPatches Documentation: fix spelling error in SubmittingPatches 2011-08-13 18:34:02 -07:00
svga.txt
sysfs-rules.txt
sysrq.txt Documentation: sysrq: Crutcher Dunnavant is unavailable 2012-03-30 16:03:15 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
VGA-softcursor.txt
vgaarbiter.txt misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
video-output.txt
volatile-considered-harmful.txt
workqueue.txt workqueue: Document debugging tricks 2011-03-31 13:40:42 +02:00
xz.txt
zorro.txt