]> git.kernelconcepts.de Git - karo-tx-linux.git/commitdiff
projects / karo-tx-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 90bb766)
doc: ReSTify LoadPin.txt
authorKees Cook <keescook@chromium.org>
Sat, 13 May 2017 11:51:48 +0000 (04:51 -0700)
committerJonathan Corbet <corbet@lwn.net>
Thu, 18 May 2017 16:33:12 +0000 (10:33 -0600)
Adjusts for ReST markup and moves under LSM admin guide.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Documentation/admin-guide/LSM/LoadPin.rst [moved from Documentation/security/LoadPin.txt with 73% similarity] patch | blob | history
Documentation/admin-guide/LSM/index.rst patch | blob | history
MAINTAINERS patch | blob | history

diff --git a/Documentation/security/LoadPin.txt b/Documentation/admin-guide/LSM/LoadPin.rst
similarity index 73%
rename from Documentation/security/LoadPin.txt
rename to Documentation/admin-guide/LSM/LoadPin.rst
index e11877f5d3d4b505b3727ea816c4669a74056210..32070762d24c44f0efc47a7bb1e99e2cf9d18291 100644 (file)
--- a/Documentation/security/LoadPin.txt
+++ b/Documentation/admin-guide/LSM/LoadPin.rst
@@ -1,3 +1,7 @@
+=======
+LoadPin
+=======
+
 LoadPin is a Linux Security Module that ensures all kernel-loaded files
 (modules, firmware, etc) all originate from the same filesystem, with
 the expectation that such a filesystem is backed by a read-only device
@@ -5,13 +9,13 @@ such as dm-verity or CDROM. This allows systems that have a verified
 and/or unchangeable filesystem to enforce module and firmware loading
 restrictions without needing to sign the files individually.
 
-The LSM is selectable at build-time with CONFIG_SECURITY_LOADPIN, and
+The LSM is selectable at build-time with ``CONFIG_SECURITY_LOADPIN``, and
 can be controlled at boot-time with the kernel command line option
-"loadpin.enabled". By default, it is enabled, but can be disabled at
-boot ("loadpin.enabled=0").
+"``loadpin.enabled``". By default, it is enabled, but can be disabled at
+boot ("``loadpin.enabled=0``").
 
 LoadPin starts pinning when it sees the first file loaded. If the
 block device backing the filesystem is not read-only, a sysctl is
-created to toggle pinning: /proc/sys/kernel/loadpin/enabled. (Having
+created to toggle pinning: ``/proc/sys/kernel/loadpin/enabled``. (Having
 a mutable filesystem means pinning is mutable too, but having the
 sysctl allows for easy testing on systems with a mutable filesystem.)
diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst
index e5ba2c69b8efbfd22712e7d17e68005160aa945d..41f5262359f99bef72ba4ae4c66608db0678f41b 100644 (file)
--- a/Documentation/admin-guide/LSM/index.rst
+++ b/Documentation/admin-guide/LSM/index.rst
@@ -34,6 +34,7 @@ the one "major" module (e.g. SELinux) if there is one configured.
    :maxdepth: 1
 
    apparmor
+   LoadPin
    SELinux
    tomoyo
    Yama
diff --git a/MAINTAINERS b/MAINTAINERS
index 816947653ea2a7a9b0e9987a8811082d5c702636..38a3d95d2d63fdc564ee1c62476ff7e4de556545 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -11567,6 +11567,7 @@ M:      Kees Cook <keescook@chromium.org>
 T:     git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin
 S:     Supported
 F:     security/loadpin/
+F:     Documentation/admin-guide/LSM/LoadPin.rst
 
 YAMA SECURITY MODULE
 M:     Kees Cook <keescook@chromium.org>
Linux kernel for KaRo TX COM modules