Home
last modified time | relevance | path

Searched full:security (Results 1 – 25 of 181) sorted by relevance

12345678

/Documentation/security/
Dlsm.rst2 Linux Security Modules: General Security Hooks for Linux
16 In March 2001, the National Security Agency (NSA) gave a presentation
17 about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel Summit.
20 implemented as its own particular kernel patch. Several other security
25 patch to support its security needs.
28 remarks that described a security framework he would be willing to
30 general framework that would provide a set of security hooks to control
31 operations on kernel objects and a set of opaque security fields in
32 kernel data structures for maintaining security attributes. This
34 desired model of security. Linus also suggested the possibility of
[all …]
Dcredentials.rst12 There are several parts to the security check performed by Linux when one
47 The objective context is used as part of the security calculation that is
67 is used as part of the security calculation that is carried out when a
84 7. Rules, access control lists and security calculations.
86 When a subject acts upon an object, a security calculation is made. This
182 These are only carried by tasks. They carry and cache security tokens
186 programs having to know about security details involved.
199 For more information on using keys, see ``Documentation/security/keys/*``.
203 The Linux Security Module allows extra controls to be placed over the
231 objective security context of that file. Depending on the type of filesystem,
[all …]
DSCTP.rst10 Security Hooks
13 For security module support, three SCTP specific hooks have been implemented::
19 Also the following security hook has been utilised::
30 security module. Returns 0 on success, error on failure.
39 Passes one or more ipv4/ipv6 addresses to the security module for validation
133 Security Hooks used for Association Establishment
189 Security Hooks
192 The `SCTP LSM Support`_ chapter above describes the following SCTP security
204 security module. Returns 0 on success, error on failure.
210 The security module performs the following operations:
[all …]
/Documentation/driver-api/nvdimm/
Dsecurity.rst2 NVDIMM Security
9 specification [1], security DSMs are introduced. The spec added the following
10 security DSMs: "get security state", "set passphrase", "disable passphrase",
12 data structure has been added to struct dimm in order to support the security
17 The "security" sysfs attribute is provided in the nvdimm sysfs directory. For
19 /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem0/security
21 The "show" attribute of that attribute will display the security state for
23 frozen, and overwrite. If security is not supported, the sysfs attribute
27 in order to support some of the security functionalities:
29 disable <keyid> - disable enabled security and remove key.
[all …]
/Documentation/netlabel/
Dlsm_interface.rst2 NetLabel Linux Security Module Interface
12 NetLabel is a mechanism which can set and retrieve security attributes from
15 The NetLabel security module API is defined in 'include/net/netlabel.h' but a
18 NetLabel Security Attributes
22 it uses the concept of security attributes to refer to the packet's security
23 labels. The NetLabel security attributes are defined by the
25 NetLabel subsystem converts the security attributes to and from the correct
28 security attributes into whatever security identifiers are in use for their
44 label and the internal LSM security identifier can be time consuming. The
47 LSM has received a packet, used NetLabel to decode its security attributes,
[all …]
Dintroduction.rst12 NetLabel is a mechanism which can be used by kernel security modules to attach
13 security attributes to outgoing network packets generated from user space
14 applications and read security attributes from incoming network packets. It
16 layer, and the kernel security module API.
22 network packet's security attributes. If any translation between the network
23 security attributes and those on the host are required then the protocol
26 the NetLabel kernel security module API described below.
41 Security Module API
44 The purpose of the NetLabel security module API is to provide a protocol
46 to protocol independence, the security module API is designed to be completely
[all …]
Dcipso_ipv4.rst13 IP Security Option (CIPSO) draft from July 16, 1992. A copy of this
27 label by using the NetLabel security module API; if the NetLabel "domain" is
37 NetLabel security module API to extract the security attributes of the packet.
44 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
49 different security attribute mapping table.
54 The NetLabel system provides a framework for caching security attribute
Ddraft-ietf-cipso-ipsecurity-01.txt6 COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
13 IP Security Option (CIPSO). This draft reflects the version as approved by
35 Currently the Internet Protocol includes two security options. One of
36 these options is the DoD Basic Security Option (BSO) (Type 130) which allows
37 IP datagrams to be labeled with security classifications. This option
38 provides sixteen security classifications and a variable number of handling
39 restrictions. To handle additional security information, such as security
40 categories or compartments, another security option (Type 133) exists and
41 is referred to as the DoD Extended Security Option (ESO). The values for
46 mandatory access controls and multi-level security. These systems are
[all …]
/Documentation/admin-guide/
Dsecurity-bugs.rst3 Security bugs
6 Linux kernel developers take security very seriously. As such, we'd
7 like to know when a security bug is found so that it can be fixed and
8 disclosed as quickly as possible. Please report security bugs to the
9 Linux kernel security team.
14 The Linux kernel security team can be contacted by email at
15 <security@kernel.org>. This is a private list of security officers
19 security team will bring in extra help from area maintainers to
20 understand and fix the security vulnerability.
32 The security list is not a disclosure channel. For that, see Coordination
[all …]
Dthunderbolt.rst18 keep in mind that this bypasses the security levels and makes the system
21 Security levels and how to use them
24 security levels available. Intel Titan Ridge added one more security level
30 The security levels are as follows:
60 The current security level can be read from
61 ``/sys/bus/thunderbolt/devices/domainX/security`` where ``domainX`` is
65 If the security level reads as ``user`` or ``secure`` the connected
74 Authorizing devices when security level is ``user`` or ``secure``
92 If the device supports secure connect, and the domain security level is
109 the same way as in the ``user`` security level.
[all …]
/Documentation/admin-guide/LSM/
Dindex.rst2 Linux Security Module Usage
5 The Linux Security Module (LSM) framework provides a mechanism for
6 various security checks to be hooked by new kernel extensions. The name
10 ``"security=..."`` kernel command line argument, in the case where multiple
14 (MAC) extensions which provide a comprehensive security policy. Examples
25 A list of the active security modules can be found by reading
26 ``/sys/kernel/security/lsm``. This is a comma separated list, and
32 Process attributes associated with "major" security modules should
34 A security module may maintain a module specific subdirectory there,
36 security module and contains all its special files. The files directly
Dapparmor.rst8 AppArmor is MAC style security extension for the Linux kernel. It implements
19 If AppArmor should be selected as the default security module then set::
26 If AppArmor is not the default security module it can be enabled by passing
27 ``security=apparmor`` on the kernel's command line.
29 If AppArmor is the default security module it can be disabled by passing
30 ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
Dtomoyo.rst21 Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
39 TOMOYO Linux: pragmatic and manageable security for Linux
47 The role of "pathname based access control" in security.
57 We believe that inode based security and name based security are complementary
/Documentation/process/
Dembargoed-hardware-issues.rst7 Hardware issues which result in security problems are a different category
8 of security bugs than pure software bugs which only affect the Linux
23 The Linux kernel hardware security team is separate from the regular Linux
24 kernel security team.
26 The team only handles the coordination of embargoed hardware security
27 issues. Reports of pure software security bugs in the Linux kernel are not
29 Linux kernel security team (:ref:`Documentation/admin-guide/
32 The team can be contacted by email at <hardware-security@kernel.org>. This
33 is a private list of security officers who will help you to coordinate an
41 While hardware security issues are often handled by the affected hardware
[all …]
Dstable-kernel-rules.rst16 security issue, or some "oh, that's not good" issue. In short, something
44 - Security patches should not be handled (solely) by the -stable review
46 :ref:`Documentation/admin-guide/security-bugs.rst <securitybugs>`.
162 - Security patches will be accepted into the -stable tree directly from the
163 security kernel team, and not go through the normal review cycle.
164 Contact the kernel security team for more details on this procedure.
/Documentation/ABI/testing/
Devm1 What: security/evm
5 EVM protects a file's security extended attributes(xattrs)
8 value as the extended attribute 'security.evm'.
10 EVM supports two classes of security.evm. The first is
49 or validate the 'security.evm' xattr, but returns
56 Documentation/security/keys/trusted-encrypted.rst. Both
61 What: security/integrity/evm/evm_xattrs
/Documentation/filesystems/caching/
Dcachefiles.txt21 (*) Security model and SELinux.
23 (*) A note on security.
311 SECURITY MODEL AND SELINUX
314 CacheFiles is implemented to deal properly with the LSM security features of
319 security context that is not appropriate for accessing the cache - either
324 The way CacheFiles works is to temporarily change the security context (fsuid,
325 fsgid and actor security label) that the process acts as - without changing the
326 security context of the process when it the target of an operation performed by
332 (1) Finds the security label attached to the root cache directory and uses
333 that as the security label with which it will create files. By default,
[all …]
/Documentation/virt/kvm/devices/
Dvm.txt132 u8 kmac[16]; # valid with Message-Security-Assist
133 u8 kmc[16]; # valid with Message-Security-Assist
134 u8 km[16]; # valid with Message-Security-Assist
135 u8 kimd[16]; # valid with Message-Security-Assist
136 u8 klmd[16]; # valid with Message-Security-Assist
137 u8 pckmo[16]; # valid with Message-Security-Assist-Extension 3
138 u8 kmctr[16]; # valid with Message-Security-Assist-Extension 4
139 u8 kmf[16]; # valid with Message-Security-Assist-Extension 4
140 u8 kmo[16]; # valid with Message-Security-Assist-Extension 4
141 u8 pcc[16]; # valid with Message-Security-Assist-Extension 4
[all …]
/Documentation/ABI/stable/
Dsysfs-hypervisor-xen7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
53 Might return "<denied>" in case of special security settings
70 Might return "0" in case of special security settings
102 Might return "<denied>" in case of special security settings
/Documentation/translations/zh_CN/
DSecurityBugs1 Chinese translated version of Documentation/admin-guide/security-bugs.rst
11 Documentation/admin-guide/security-bugs.rst 的中文翻译
30 linux内核安全团队可以通过email<security@kernel.org>来联系。这是
/Documentation/admin-guide/cifs/
Dintroduction.rst12 security reaasons. All modern dialects, including the most recent,
22 Microsoft Azure), including the necessary security features.
26 security features, excellent parallelized high performance i/o, better
/Documentation/devicetree/bindings/gpio/
Dnvidia,tegra186-gpio.txt14 a) Security registers, which allow configuration of allowed access to the GPIO
16 address space. The size of this block, and the security features available,
82 - "security": Optional. Security configuration registers.
136 reg-names = "security", "gpio";
155 reg-names = "security", "gpio";
/Documentation/devicetree/bindings/clock/
Darmada3700-periph-clock.txt17 2 sec_at Security AT
18 3 sac_dap Security DAP
19 4 tsecm Security Engine
/Documentation/filesystems/
Dmount_api.txt13 (4) Filesystem context security.
56 Note that security initialisation is done *after* the filesystem is called so
77 void *security;
134 (*) void *security
136 A place for the LSMs to hang their security data for the superblock. The
137 relevant security operations are described below.
166 VFS, security and filesystem mount options are set individually with
220 Security options will also have been weeded out and fc->security updated.
266 FILESYSTEM CONTEXT SECURITY
269 The filesystem context contains a security pointer that the LSMs can use for
[all …]
/Documentation/networking/
Drxrpc.txt22 (*) Security.
67 manage security on the client end. The server end must of necessity be
68 more active in security negotiations.
137 (*) Security is negotiated on a per-connection basis. The connection is
138 initiated by the first data packet on it arriving. If security is
140 replies with a "response". If the response is successful, the security is
142 upon it use that same security. In the event that the server lets a
143 connection lapse before the client, the security will be renegotiated if
191 the same key struct describing their security (and assuming the calls
273 secret keys corresponding to the security types it permits. When a secure
[all …]

12345678