|
Smack (full name: Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control (MAC) rules, with simplicity as its main design goal.〔(【引用サイトリンク】 title=Official SMACK documentation from the Linux source tree )〕 It has been officially merged since the Linux 2.6.25 release, and was the main access control mechanism for the MeeGo mobile Operating System. It is also used to sandbox HTML5 web applications in the Tizen architecture, in the commercial Wind River Linux solutions for embedded device development, and in Philips Digital TV products. ==Design== Smack consists of three components: *A kernel module that is implemented as a Linux Security Module. It works best with file systems that support extended attributes. *A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration. *A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar patches to Busybox were also created. SMACK does not require user-space support.〔(【引用サイトリンク】 title=Smack Userspace Tools README )〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Smack (software)」の詳細全文を読む スポンサード リンク
|