linux/security/smack
Rafal Krypa 65ee7f45cf Smack: don't show empty rules when /smack/load or /smack/load2 is read
This patch removes empty rules (i.e. with access set to '-') from the
rule list presented to user space.

Smack by design never removes labels nor rules from its lists. Access
for a rule may be set to '-' to effectively disable it. Such rules would
show up in the listing generated when /smack/load or /smack/load2 is
read. This may cause clutter if many rules were disabled.

As a rule with access set to '-' is equivalent to no rule at all, they
may be safely hidden from the listing.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2012-07-13 15:49:24 -07:00
..
Kconfig Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
Makefile Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
smack.h Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
smack_access.c Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
smack_lsm.c Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13 15:49:23 -07:00
smackfs.c Smack: don't show empty rules when /smack/load or /smack/load2 is read 2012-07-13 15:49:24 -07:00