On Thu, 2013-01-10 at 19:42 +0100, Rafal Krypa wrote: > Rule modifications are enabled via /smack/change-rule. Format is as follows: > "Subject Object rwaxt rwaxt" > > First two strings are subject and object labels up to 255 characters. > Third string contains permissions to enable. > Fourth string contains permissions to disable. > > All unmentioned permissions will be left unchanged. > If no rule previously existed, it will be created. Changing rules on a running system could affect IMA, if the IMA policy contains LSM based rules. Patch "[PATCH 1/9] ima: re-initialize IMA policy LSM info" addresses this issue. It assumes existing LSM rules have not been dropped. thanks, Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
