
Searched refs:LSM (Results 1 – 25 of 35) sorted by relevance

/Linux-v5.4/Documentation/netlabel/
lsm_interface.rst
13 network packets. It is intended to be used by LSM developers who want to make
27 configuration. It is up to the LSM developer to translate the NetLabel
29 particular LSM.
31 NetLabel LSM Protocol Operations
34 These are the functions which allow the LSM developer to manipulate the labels
44 label and the internal LSM security identifier can be time consuming. The
47 LSM has received a packet, used NetLabel to decode its security attributes,
48 and translated the security attributes into a LSM internal identifier the LSM
49 can use the NetLabel caching functions to associate the LSM internal
52 NetLabel translation mechanisms bypassed but the LSM translation mechanisms are
cipso_ipv4.rst
26 that it is set upon the socket's creation. The LSM can set the socket's CIPSO
35 IP layer without any special handling required by the LSM. However, in order
36 to decode and translate the CIPSO label on the packet the LSM must use the
39 LSM hook.
55 mappings from the network labels to the corresponding LSM identifiers. The
introduction.rst
47 LSM independent which should allow multiple LSMs to leverage the same code
/Linux-v5.4/Documentation/admin-guide/LSM/
tomoyo.rst
8 TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
15 Though these tutorials use non-LSM version of TOMOYO, they are useful for you
59 multiple LSM modules at the same time. We feel sorry that you have to give up
62 We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
64 LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
65 to port non-LSM version's functionalities to LSM versions.
SafeSetID.rst
4 SafeSetID is an LSM module that gates the setid family of syscalls to restrict
31 This SafeSetID LSM seeks to provide a solution for restricting setid
34 The main use case for this LSM is to allow a non-root program to transition to
37 additional restrictions imposed by this LSM would mean it is a "safer" version
54 as implemented in this LSM, an alternative option would be to simply take away
88 Use an existing LSM
99 This LSM hooks the setid syscalls to make sure transitions are allowed if an
index.rst
5 The Linux Security Module (LSM) framework provides a mechanism for
13 The primary users of the LSM interface are Mandatory Access Control
16 MAC extensions, other extensions can be built using the LSM to provide
LoadPin.rst
12 The LSM is selectable at build-time with ``CONFIG_SECURITY_LOADPIN``, and
/Linux-v5.4/Documentation/security/
lsm.rst
37 The Linux Security Modules (LSM) project was started by WireX to develop
38 such a framework. LSM is a joint development effort by several security
45 by the LSM kernel patch.
47 LSM Framework
50 The LSM kernel patch provides a general kernel framework to support
51 security modules. In particular, the LSM framework is primarily focused
55 the infrastructure to support security modules. The LSM kernel patch
59 `LSM Capabilities Module <#cap>`__.
61 The LSM kernel patch adds security fields to kernel data structures and
68 The LSM security fields are simply ``void*`` pointers. For process and
[all …]
lsm-development.rst
6 a new LSM is accepted into the kernel when its intent (a description of
8 use it) has been appropriately documented in ``Documentation/admin-guide/LSM/``.
9 This allows an LSM's code to be easily compared to its goals, and so
13 For extensive documentation on the available LSM hook interfaces, please
SCTP.rst
7 SCTP LSM Support
192 The `SCTP LSM Support`_ chapter above describes the following SCTP security
252 `SCTP LSM Support`_ gives a summary of the ``@optname``
credentials.rst
201 5. LSM
204 operations that a task may do. Currently Linux supports several LSM
237 * LSM security label;
251 (groups, keys, LSM security) a refcounted structure of type 'struct cred'.
326 void *current_security(void) Current's LSM security pointer
468 LSM a chance to do likewise, then it will use ``rcu_assign_pointer()`` to
IMA-templates.rst
15 the inode UID/GID or the LSM labels either of the inode and of the process
/Linux-v5.4/Documentation/translations/zh_CN/process/
3.Early-stage.rst
24 接到Linux安全模块(LSM)框架中;这个模块可以配置为允许特定的应用程序访问
28 内核社区来说,这被视为对LSM框架的滥用(LSM框架并不打算授予他们原本不具备的
/Linux-v5.4/security/lockdown/
Kconfig
6 Build support for an LSM that enforces a coarse kernel lockdown
10 bool "Enable lockdown LSM early in init"
13 Enable the lockdown LSM early in boot. This is necessary in order
/Linux-v5.4/Documentation/ABI/testing/
ima_policy
9 the policy can be constrained based on LSM specific data.
39 lsm: are LSM specific
91 Examples of LSM specific definitions:
/Linux-v5.4/scripts/selinux/
README
1 Please see Documentation/admin-guide/LSM/SELinux.rst for information on
/Linux-v5.4/security/yama/
Kconfig
12 Documentation/admin-guide/LSM/Yama.rst.
/Linux-v5.4/security/safesetid/
Kconfig
8 SafeSetID is an LSM module that gates the setid family of syscalls to
/Linux-v5.4/security/
Kconfig
130 int "Low address space for LSM to protect from user allocation"
144 systems running LSM.
245 prompt "First legacy 'major LSM' to be initialized"
278 config LSM config
/Linux-v5.4/fs/proc/
base.c
146 #define ATTR(LSM, NAME, MODE) \ argument
149 { .lsm = LSM })
2612 #define LSM_DIR_OPS(LSM) \ argument
2613 static int proc_##LSM##_attr_dir_iterate(struct file *filp, \
2617 LSM##_attr_dir_stuff, \
2618 ARRAY_SIZE(LSM##_attr_dir_stuff)); \
2621 static const struct file_operations proc_##LSM##_attr_dir_ops = { \
2623 .iterate = proc_##LSM##_attr_dir_iterate, \
2627 static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \
2631 LSM##_attr_dir_stuff, \
[all …]
/Linux-v5.4/Documentation/admin-guide/
index.rst
86 LSM/index
/Linux-v5.4/Documentation/userspace-api/
no_new_privs.rst
39 interfere with LSM-based sandboxing.)
/Linux-v5.4/Documentation/filesystems/caching/
cachefiles.txt
314 CacheFiles is implemented to deal properly with the LSM security features of
343 and asks LSM to supply a security ID as which it should act given the
414 bypassing security and calling inode ops directly. Therefore the VFS and LSM
443 LSM hooks exist that allow SELinux (or Smack or whatever) to reject a request
/Linux-v5.4/Documentation/process/
3.Early-stage.rst
25 kernel module intended to hook into the Linux Security Module (LSM)
32 misuse of the LSM framework (which is not intended to confer privileges
/Linux-v5.4/Documentation/translations/it_IT/process/
3.Early-stage.rst
32 framework Linux Security Module (LSM); questo modulo poteva essere
39 invece, era un uso improprio del framework LSM (che non è progettato per
