
doc: ReSTify LoadPin.txt

Adjusts for ReST markup and moves under LSM admin guide.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Kees Cook 8 years ago
parent
commit
30da4f77aa

+ 8 - 4
Documentation/security/LoadPin.txt → Documentation/admin-guide/LSM/LoadPin.rst

@@ -1,3 +1,7 @@
+=======
+LoadPin
+=======
+
 LoadPin is a Linux Security Module that ensures all kernel-loaded files
 LoadPin is a Linux Security Module that ensures all kernel-loaded files
 (modules, firmware, etc) all originate from the same filesystem, with
 (modules, firmware, etc) all originate from the same filesystem, with
 the expectation that such a filesystem is backed by a read-only device
 the expectation that such a filesystem is backed by a read-only device
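Review bot: the file header for this hunk moves Documentation/security/LoadPin.txt to Documentation/admin-guide/LSM/LoadPin.rst, but the patch only touches the new file, the LSM index.rst and MAINTAINERS, so any remaining reference to the old .txt path elsewhere in the tree would be left dangling. Please grep for the old path and update whatever turns up in this same patch. The added title block itself is fine: the overline and underline both match the seven characters of "LoadPin".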
@@ -5,13 +9,13 @@ such as dm-verity or CDROM. This allows systems that have a verified
 and/or unchangeable filesystem to enforce module and firmware loading
 and/or unchangeable filesystem to enforce module and firmware loading
 restrictions without needing to sign the files individually.
 restrictions without needing to sign the files individually.
 
 
-The LSM is selectable at build-time with CONFIG_SECURITY_LOADPIN, and
+The LSM is selectable at build-time with ``CONFIG_SECURITY_LOADPIN``, and
 can be controlled at boot-time with the kernel command line option
 can be controlled at boot-time with the kernel command line option
-"loadpin.enabled". By default, it is enabled, but can be disabled at
-boot ("loadpin.enabled=0").
+"``loadpin.enabled``". By default, it is enabled, but can be disabled at
+boot ("``loadpin.enabled=0``").
 
 
 LoadPin starts pinning when it sees the first file loaded. If the
 LoadPin starts pinning when it sees the first file loaded. If the
 block device backing the filesystem is not read-only, a sysctl is
 block device backing the filesystem is not read-only, a sysctl is
-created to toggle pinning: /proc/sys/kernel/loadpin/enabled. (Having
+created to toggle pinning: ``/proc/sys/kernel/loadpin/enabled``. (Having
 a mutable filesystem means pinning is mutable too, but having the
 a mutable filesystem means pinning is mutable too, but having the
 sysctl allows for easy testing on systems with a mutable filesystem.)
 sysctl allows for easy testing on systems with a mutable filesystem.)
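Review bot: in the boot-option sentence the ASCII double quotes are kept around the new inline literals ("``loadpin.enabled``" and ("``loadpin.enabled=0``")), so the rendered page shows a quoted monospace string. The literal markup already sets the name apart, so I would drop the quotes and write ``loadpin.enabled`` and (``loadpin.enabled=0``), which also matches how ``CONFIG_SECURITY_LOADPIN`` and ``/proc/sys/kernel/loadpin/enabled`` are converted in this same hunk. While the paragraph is being touched, the sysctl sentence only covers the case where the backing device is not read-only; a short clause saying that no sysctl is created otherwise would spell out for administrators that pinning cannot be toggled at runtime on a read-only device.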

+ 1 - 0
Documentation/admin-guide/LSM/index.rst

@@ -34,6 +34,7 @@ the one "major" module (e.g. SELinux) if there is one configured.
    :maxdepth: 1
    :maxdepth: 1
 
 
    apparmor
    apparmor
+   LoadPin
    SELinux
    SELinux
    tomoyo
    tomoyo
    Yama
    Yama

+ 1 - 0
MAINTAINERS

@@ -11567,6 +11567,7 @@ M:	Kees Cook <keescook@chromium.org>
 T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin
 T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin
 S:	Supported
 S:	Supported
 F:	security/loadpin/
 F:	security/loadpin/
+F:	Documentation/admin-guide/LSM/LoadPin.rst
 
 
 YAMA SECURITY MODULE
 YAMA SECURITY MODULE
 M:	Kees Cook <keescook@chromium.org>
 M:	Kees Cook <keescook@chromium.org>