/
chsmack.8
64 lines (64 loc) · 2.19 KB
/
chsmack.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
.\" Process with groff -man -Tascii file.3
.TH CHSMACK 8 2012-04-09 "" "wbSmack Manual"
.SH NAME
chsmack \- change smack labels of files
.SH SYNOPSIS
.BR "chsmack " [ options ] " files..."
.SH DESCRIPTION
Change or view several types of smack labels of files. Changing labels
requires CAP_MAC_ADMIN capabilities. Contrary to the user-tool uchsmack,
this does not check your own smack labels and permissions, and as such
is meant to be an administration tool.
.PP
Each option provided is applied seperately. The program does not stop on
failure of a single file. If no options are provided, the known smack
labels are printed to stdout.
.PP
The \fB--store\fR and \fB--restore\fR options can be used to use an
easily parseable format, for one file at a time.
With \fB--restore\fR, the labels are read form
stdin, and no labels fro the commandline can be used, otherwise an error
will be printed and the file stays unchanged.
.SH OPTIONS
.TP
.B -h, --help
Show a short usage description.
.TP
.B -l, --link
Change attributes of symlinks rather than following them.
.TP
.B -S, --store
Use an easily parsable output format, excluding the filename.
Can only be used on a single file at a time.
.TP
.B -R, --restore
Read access labels from standard-input. The form printed using
.B -S/--store
is expected as input format.
.TP
.BI "-a, --access=" label
Change the files' access label to \fIlabel\fR. This label is used for
standard permission checking.
.TP
.BI "-e, --exec=" label
Change the execution label to \fIlabel\fR. A program with such a label
will always be executed using that label.
.BR usmackexec (1) " cannot"
be used override this behaviour. The caller of the program will not need
transition permissions, nor will \fI/etc/smack/usr\fR be taken into
account. The handling of this label is done purely on the kernel side.
.TP
.BI "-m, --mmap=" label
Change the mmap label. This label influences the
.BR mmap (2)
access rights of a file.
.TP
.BR "-t, --transmute=" TRUE | FALSE
Change the transmute flag of a directory. In a directory with this flag
set to true, created files recieve the directory's label, rather than
the label of the creating process.
.SH SEE ALSO
.BR uchsmack (1),
.BR usmackexec (1),
.BR mmap (2),
.BR capabilities (7)