Re: [PATCH][LSM/SELINUX] Pass requested protection to security_file_mmap/mprotect hooks

From: Stephen Smalley
Date: Tue Mar 08 2005 - 08:42:59 EST


On Mon, 2005-03-07 at 16:14 -0800, Andrew Morton wrote:
> Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> >
> > +__setup("checkreqprot=", checkreqprot_setup);
>
> Can we have an update to Documentation/kernel-parameters.txt, please?

Ok, how does the patch below look? Includes descriptions of the other
two SELinux-related parameters as well.

Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>

Documentation/kernel-parameters.txt | 26 ++++++++++++++++++++++++++
1 files changed, 26 insertions(+)

--- linux-2.6.11-mm2/Documentation/kernel-parameters.txt 2005-03-08 07:46:07.491966080 -0500
+++ linux-2.6.11-mm2-sel/Documentation/kernel-parameters.txt 2005-03-08 08:21:11.179157016 -0500
@@ -67,6 +67,7 @@
SCSI Appropriate SCSI support is enabled.
A lot of drivers has their options described inside of
Documentation/scsi/.
+ SELINUX SELinux support is enabled.
SERIAL Serial support is enabled.
SMP The kernel is an SMP kernel.
SPARC Sparc architecture is enabled.
@@ -296,6 +297,14 @@
See header of drivers/cdrom/cdu31a.c.

chandev= [HW,NET] Generic channel device initialisation
+
+ checkreqprot [SELINUX] Set initial checkreqprot flag value.
+ Format: { "0" | "1" }
+ See security/selinux/Kconfig help text.
+ 0 -- check protection applied by kernel (includes any implied execute protection).
+ 1 -- check protection requested by application.
+ Default value is set via a kernel config option.
+ Value can be changed at runtime via /selinux/checkreqprot.

clock= [BUGS=IA-32, HW] gettimeofday timesource override.
Forces specified timesource (if avaliable) to be used
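Review bot: The new entry is keyed as "checkreqprot" with no trailing "=", but the handler quoted earlier in this message is registered as __setup("checkreqprot=", ...) and the neighbouring entries in this hunk (chandev=, clock=) carry the "="; since the Format line says the parameter takes a value, key it as "checkreqprot=". The line describing value 0 is much longer than the surrounding entries and should be wrapped onto a continuation line. It would also help to name the Kconfig option behind "Default value is set via a kernel config option" instead of leaving the reader to search security/selinux/Kconfig.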
@@ -444,6 +453,14 @@
See Documentation/block/as-iosched.txt
and Documentation/block/deadline-iosched.txt for details.

+ enforcing [SELINUX] Set initial enforcing status.
+ Format: {"0" | "1"}
+ See security/selinux/Kconfig help text.
+ 0 -- permissive (log only, no denials).
+ 1 -- enforcing (deny and log).
+ Default value is 0.
+ Value can be changed at runtime via /selinux/enforce.
+
es1370= [HW,OSS]
Format: <lineout>[,<micbias>]
See also header of sound/oss/es1370.c.
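Review bot: The Format line in this entry is written {"0" | "1"} without the inner spaces that the checkreqprot and selinux entries in the same patch use ({ "0" | "1" }); make the three consistent. The entry also takes a value, so it should be keyed "enforcing=" to match es1370= directly below it.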
@@ -1187,6 +1204,15 @@

scsi_logging= [SCSI]

+ selinux [SELINUX] Disable or enable SELinux at boot time.
+ Format: { "0" | "1" }
+ See security/selinux/Kconfig help text.
+ 0 -- disable.
+ 1 -- enable.
+ Default value is set via kernel config option.
+ If enabled at boot time, /selinux/disable can be used
+ later to disable prior to initial policy load.
+
serialnumber [BUGS=IA-32]

sg_def_reserved_size=
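Review bot: "Default value is set via kernel config option" does not say which option, and it drops the article used in the checkreqprot entry ("via a kernel config option"); name the option and use one wording in both places. The last two added lines say /selinux/disable "can be used later to disable" without an object or a hint of what is written to the file; "can be used later to disable SELinux before the initial policy load" would read more clearly. As the entry takes a value, key it as "selinux=" (compare scsi_logging= above).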



--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
