Home
last modified time | relevance | path

Searched +full:kernel +full:- +full:policy (Results 1 – 25 of 161) sorted by relevance

1234567

/Documentation/security/
Dipe.rst1 .. SPDX-License-Identifier: GPL-2.0
3 Integrity Policy Enforcement (IPE) - Kernel Documentation
10 :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
13 ---------------------
16 of a locked-down system. This system would be born-secure, and have
20 policy. A mandatory access control system would be present, and
27 2. DM-Verity
29 Both options were carefully considered, however the choice to use DM-Verity
41 enforce the integrity policy, or it should not.
44 policy would indicate what labels required integrity verification, which
[all …]
/Documentation/admin-guide/mm/
Dnuma_memory_policy.rst2 NUMA Memory Policy
5 What is NUMA Memory Policy?
8 In the Linux kernel, "memory policy" determines from which node the kernel will
10 supported platforms with Non-Uniform Memory Access architectures since 2.4.?.
11 The current memory policy support was added to Linux 2.6 around May 2004. This
12 document attempts to describe the concepts and APIs of the 2.6 memory policy
16 (``Documentation/admin-guide/cgroup-v1/cpusets.rst``)
19 programming interface that a NUMA-aware application can take advantage of. When
24 Memory Policy Concepts
28 ------------------------
[all …]
Dhugetlbpage.rst9 the Linux kernel. This support is built on top of multiple page size support
13 256M and ppc64 supports 4K and 16M. A TLB is a cache of virtual-to-physical
19 Users can use the huge page support in Linux kernel by either using the mmap
22 First the Linux kernel needs to be built with the CONFIG_HUGETLBFS
28 persistent hugetlb pages in the kernel's huge page pool. It also displays
73 ``/sys/kernel/mm/hugepages`` (described below).
77 configured in the kernel.
80 pages in the kernel's huge page pool. "Persistent" huge pages will be
89 Pages that are used as huge pages are reserved inside the kernel and cannot
93 Once a number of huge pages have been pre-allocated to the kernel huge page
[all …]
/Documentation/admin-guide/LSM/
DSELinux.rst6 to use the distro-provided policies, or install the
7 latest reference policy release from
11 However, if you want to install a dummy policy for
14 userspace to be installed - in particular you will
15 need checkpolicy to compile a kernel, and setfiles and
18 1. Compile the kernel with selinux enabled.
21 SELinux enabled and a real policy. If
29 Step 4 will create a new dummy policy valid for your
30 kernel, with a single selinux user, role, and type.
31 It will compile the policy, will set your ``SELINUXTYPE`` to
[all …]
Dipe.rst1 .. SPDX-License-Identifier: GPL-2.0
3 Integrity Policy Enforcement (IPE)
9 attempting to use IPE. If you're looking for more developer-focused
13 --------
15 Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
17 mechanisms that rely on labels and paths for decision-making, IPE focuses
34 a file's origin, such as dm-verity or fs-verity, which provide a layer of
36 that trust files from a dm-verity protected device. dm-verity ensures the
38 of its contents. Similarly, fs-verity offers filesystem-level integrity
40 fs-verity. These two features cannot be turned off once established, so
[all …]
Dapparmor.rst8 AppArmor is MAC style security extension for the Linux kernel. It implements
9 a task centered policy, with task "profiles" being created and loaded
24 Build the kernel
27 ``security=apparmor`` on the kernel's command line.
31 kernel's command line.
34 policy must be loaded into the kernel from user space (see the Documentation
45 Mailing List - apparmor@lists.ubuntu.com
47 Wiki - http://wiki.apparmor.net
49 User space tools - https://gitlab.com/apparmor
51 Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
/Documentation/trace/
Dstm.rst1 .. SPDX-License-Identifier: GPL-2.0
26 To solve this mapping problem, stm class provides a policy management
28 identifiers to ranges of masters and channels. If these rules (policy)
32 This policy is a tree structure containing rules (policy_node) that
34 associated with it, located in "stp-policy" subsystem directory in
35 configfs. The topmost directory's name (the policy) is formatted as
36 the STM device name to which this policy applies and an arbitrary
40 $ ls /config/stp-policy/dummy_stm.my-policy/user
42 $ cat /config/stp-policy/dummy_stm.my-policy/user/masters
44 $ cat /config/stp-policy/dummy_stm.my-policy/user/channels
[all …]
/Documentation/cpu-freq/
Dcore.rst1 .. SPDX-License-Identifier: GPL-2.0
8 - Dominik Brodowski <linux@brodo.de>
9 - David Kimdon <dwhedon@debian.org>
10 - Rafael J. Wysocki <rafael.j.wysocki@intel.com>
11 - Viresh Kumar <viresh.kumar@linaro.org>
26 drivers or other part of the kernel that need to be informed of
27 policy changes (ex. thermal modules like ACPI) or of all
30 kernel "constant" loops_per_jiffy is updated on frequency changes
37 policy doesn't get freed while being used.
42 CPUFreq notifiers conform to the standard kernel notifier interface.
[all …]
Dcpu-drivers.rst1 .. SPDX-License-Identifier: GPL-2.0
10 - Dominik Brodowski <linux@brodo.de>
11 - Rafael J. Wysocki <rafael.j.wysocki@intel.com>
12 - Viresh Kumar <viresh.kumar@linaro.org>
18 1.2 Per-CPU Initialization
31 So, you just got a brand-new CPU / chipset with datasheets and want to
37 ------------------
40 function check whether this kernel runs on the right CPU and the right
46 .name - The name of this driver.
48 .init - A pointer to the per-policy initialization function.
[all …]
/Documentation/admin-guide/pm/
Dcpufreq.rst1 .. SPDX-License-Identifier: GPL-2.0
20 Operating Performance Points or P-states (in ACPI terminology). As a rule,
24 time (or the more power is drawn) by the CPU in the given P-state. Therefore
29 as possible and then there is no reason to use any P-states different from the
30 highest one (i.e. the highest-performance frequency/voltage configuration
38 put into different P-states.
41 capacity, so as to decide which P-states to put the CPUs into. Of course, since
51 The Linux kernel supports CPU performance scaling by means of the ``CPUFreq``
64 information on the available P-states (or P-state ranges in some cases) and
65 access platform-specific hardware interfaces to change CPU P-states as requested
[all …]
Dintel_pstate.rst1 .. SPDX-License-Identifier: GPL-2.0
17 :doc:`CPU performance scaling subsystem <cpufreq>` in the Linux kernel
22 Documentation/admin-guide/pm/cpufreq.rst if you have not done that yet.]
24 For the processors supported by ``intel_pstate``, the P-state concept is broader
27 information about that). For this reason, the representation of P-states used
32 ``intel_pstate`` maps its internal representation of P-states to frequencies too
38 Since the hardware P-state selection interface used by ``intel_pstate`` is
40 CPUs. Consequently, if ``intel_pstate`` is in use, every ``CPUFreq`` policy
43 time the corresponding CPU is taken offline and need to be re-initialized when
47 only way to pass early-configuration-time parameters to it is via the kernel
[all …]
/Documentation/netlink/specs/
Dnlctrl.yaml1 # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
4 protocol: genetlink-legacy
5 uapi-header: linux/genetlink.h
8 genetlink meta-family that exposes information about all genetlink
9 families registered in the kernel (including itself).
12 -
13 name: op-flags
15 enum-name:
17 - admin-perm
18 - cmd-cap-do
[all …]
/Documentation/filesystems/
Dfscrypt.rst2 Filesystem-level encryption (fscrypt)
11 Note: "fscrypt" in this document refers to the kernel-level portion,
14 covers the kernel-level portion. For command-line examples of how to
20 <https://source.android.com/security/encryption/file-based>`_, over
21 using the kernel's API directly. Using existing tools reduces the
23 completeness this documentation covers the kernel's API anyway.)
25 Unlike dm-crypt, fscrypt operates at the filesystem level rather than
28 filesystem. This is useful for multi-user systems where each user's
29 data-at-rest needs to be cryptographically isolated from the others.
34 directly into supported filesystems --- currently ext4, F2FS, UBIFS,
[all …]
Dtmpfs.rst1 .. SPDX-License-Identifier: GPL-2.0
14 tmpfs puts everything into the kernel internal caches and grows and
21 fly using a remount ('mount -o remount ...') of the filesystem. A tmpfs
45 1) There is always a kernel internal mount which you will not see at
63 mount is used for that. (In the 2.3 kernel versions it was
72 4) And probably a lot more I do not know about :-)
101 extended attributes: "df -i"'s IUsed and IUse% increase, IFree decreases.
111 tmpfs also supports Transparent Huge Pages which requires a kernel
124 See also Documentation/admin-guide/mm/transhuge.rst, which describes the
125 sysfs file /sys/kernel/mm/transparent_hugepage/shmem_enabled: which can
[all …]
/Documentation/arch/x86/
Dintel_txt.rst6 Technology (Intel(R) TXT), defines platform-level enhancements that
13 - Provides dynamic root of trust for measurement (DRTM)
14 - Data protection in case of improper shutdown
15 - Measurement and verification of launched environment
18 non-vPro systems. It is currently available on desktop systems
30 - LinuxTAG 2008:
31 http://www.linuxtag.org/2008/en/conf/events/vp-donnerstag.html
33 - TRUST2008:
34 http://www.trust-conference.eu/downloads/Keynote-Speakers/
35 3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
[all …]
/Documentation/ABI/testing/
Dima_policy1 What: /sys/kernel/security/*/ima/policy
8 loaded into the run-time of this system. At runtime,
9 the policy can be constrained based on LSM specific data.
10 Policies are loaded into the securityfs file ima/policy
12 then closing the file. The new policy takes effect after
13 the file ima/policy is closed.
42 fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
64 Require fs-verity's file digest instead of the
70 (eg, ima-ng). Only valid when action is "measure".
75 appraise_algos:= comma-separated list of hash algorithms
[all …]
Devm1 What: /sys/kernel/security/evm
2 What: /sys/kernel/security/*/evm
8 HMAC-sha1 value across the extended attributes, storing the
12 an HMAC-sha1 generated locally with a
13 trusted/encrypted key stored in the Kernel Key
26 2 Permit modification of EVM-protected metadata at
29 31 Disable further runtime modification of EVM policy
43 HMAC creation and disable all further modification of policy.
50 modification of EVM-protected metadata and
51 disable all further modification of policy. This option is now
[all …]
Dsysfs-kernel-mm-mempolicy-weighted-interleave1 What: /sys/kernel/mm/mempolicy/weighted_interleave/
3 Contact: Linux memory management mailing list <linux-mm@kvack.org>
4 Description: Configuration Interface for the Weighted Interleave policy
6 What: /sys/kernel/mm/mempolicy/weighted_interleave/nodeN
8 Contact: Linux memory management mailing list <linux-mm@kvack.org>
24 system default. The system default may be set by the kernel
/Documentation/userspace-api/netlink/
Dgenetlink-legacy.rst1 .. SPDX-License-Identifier: BSD-3-Clause
9 the ``genetlink-legacy`` protocol level.
15 -------
29 --------------------
31 New Netlink families should use ``multi-attr`` to define arrays.
35 For reference the ``multi-attr`` array may look like this::
37 [ARRAY-ATTR]
41 [SOME-OTHER-ATTR]
42 [ARRAY-ATTR]
47 where ``ARRAY-ATTR`` is the array entry type.
[all …]
/Documentation/core-api/
Dnetlink.rst1 .. SPDX-License-Identifier: BSD-3-Clause
6 Netlink notes for kernel developers
13 ---------------
21 -------------
31 ---------------
44 ----------
48 from the kernel (for example for logging purposes).
51 ------------------------
54 them - make sure to report dump inconsistency with ``NLM_F_DUMP_INTR``.
62 to the kernel space.
[all …]
/Documentation/driver-api/usb/
Dhotplug.rst8 In hotpluggable busses like USB (and Cardbus PCI), end-users plug devices
12 - Find a driver that can handle the device. That may involve
13 loading a kernel module; newer drivers can use module-init-tools
16 - Bind a driver to that device. Bus frameworks do that using a
19 - Tell other subsystems to configure the new device. Print
22 be driver-specific actions.
24 This involves a mix of kernel mode and user mode actions. Making devices
26 administrator to do them: the kernel must trigger them, either passively
31 such programs are called "policy agents" here. Typically they involve
38 Kernel Hotplug Helper (``/sbin/hotplug``)
[all …]
/Documentation/ABI/removed/
Ddevfs2 Date: July 2005 (scheduled), finally removed in kernel v2.6.18
3 Contact: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
6 races, contains a naming policy within the kernel that is
11 kernel tree.
Dsysfs-selinux-disable3 KernelVersion: 2.6.12-rc2 (predates git)
4 Contact: selinux@vger.kernel.org
11 prior to a policy being loaded into the kernel. If disabled via this
17 easy modification of the kernel command line. Unfortunately, allowing
19 kernel's LSM hooks using the "__ro_after_init" feature.
26 slow process of removing this code from the kernel.
/Documentation/driver-api/thermal/
Dx86_pkg_temperature_thermal.rst2 Kernel driver: x86_pkg_temp_thermal
14 ---------
16 Intel® 64 and IA-32 Architectures Software Developer’s Manual (Jan, 2013):
20 -----------
30 --------------------
39 - trip_point_0_temp
40 - trip_point_1_temp
42 User can set any temperature between 0 to TJ-Max temperature. Temperature units
43 are in milli-degree Celsius. Refer to "Documentation/driver-api/thermal/sysfs-api.rst" for
44 thermal sys-fs details.
[all …]
/Documentation/arch/arm/
Dcluster-pm-race-avoidance.rst2 Cluster-wide Power-up/power-down race avoidance algorithm
16 ---------
29 cluster-level operations are only performed when it is truly safe to do
35 disabling those mechanisms may itself be a non-atomic operation (such as
38 power-down and power-up at the cluster level.
46 -----------
50 - DOWN
51 - COMING_UP
52 - UP
53 - GOING_DOWN
[all …]

1234567