Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom/Documentation/admin-guide/LSM?h=rust-6.13 2024-08-20T18:03:47Z 2024-08-20T18:03:47Z Deven Bowers deven.desai@linux.microsoft.com 2024-08-03T06:08:33Z urn:sha1:ac6731870ed943c7c6a8d4114b3ccaddfbdf7d58 Add IPE's admin and developer documentation to the kernel tree. Co-developed-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-06-03T13:43:11Z Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2024-06-03T13:43:11Z urn:sha1:c6144a21169fe7d0d70f1a0dae6f6301e5918d30 TOMOYO project has moved to SourceForge.net . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2021-03-15T19:32:32Z Jiele zhao unclexiaole@gmail.com 2021-03-08T02:03:58Z urn:sha1:0860b72d535f869e26252df66d4f634e1655f84a Loadpin cmdline interface "enabled" has been renamed to "enforce" for a long time, but the User Description Document was not updated. (Meaning unchanged) And kernel_read_file* were moved from linux/fs.h to its own linux/kernel_read_file.h include file. So update that change here. Signed-off-by: Jiele zhao <unclexiaole@gmail.com> Link: https://lore.kernel.org/r/20210308020358.102836-1-unclexiaole@gmail.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-10-28T17:42:02Z Mauro Carvalho Chehab mchehab+huawei@kernel.org 2020-10-27T09:51:36Z urn:sha1:afc74ce7b484da5c5698d8eb2472a58c547cbc2b As reported by Sphinx 2.4.4: docs/Documentation/admin-guide/LSM/SafeSetID.rst:110: WARNING: Title underline too short. Note on GID policies and setgroups() ================== Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Link: https://lore.kernel.org/r/4afa281c170daabd1ce522653d5d5d5078ebd92c.1603791716.git.mchehab+huawei@kernel.org Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-10-13T16:17:35Z Thomas Cedeno thomascedeno@google.com 2020-07-16T19:52:01Z urn:sha1:5294bac97e12bdabbb97e9adf44d388612a700b8 The SafeSetID LSM has functionality for restricting setuid() calls based on its configured security policies. This patch adds the analogous functionality for setgid() calls. This is mostly a copy-and-paste change with some code deduplication, plus slight modifications/name changes to the policy-rule-related structs (now contain GID rules in addition to the UID ones) and some type generalization since SafeSetID now needs to deal with kgid_t and kuid_t types. Signed-off-by: Thomas Cedeno <thomascedeno@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org> 2020-07-13T15:40:42Z Kees Cook keescook@chromium.org 2020-07-09T18:51:35Z urn:sha1:9d1bd9e8e028d1e1753120ba53d39fcdaeca6ea6 Replace one dead link for the same person's original presentation on the topic and swap an HTTP URL with HTTPS. While here, linkify the text to make it more readable when rendered. Link: https://lore.kernel.org/lkml/20200708073346.13177-1-grandmaster@al2klimov.de/ Co-developed-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/202007091141.C008B89EC@keescook Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-06-08T15:30:19Z Alexander A. Klimov grandmaster@al2klimov.de 2020-05-26T06:05:44Z urn:sha1:93431e0607e58a3c997a134adc0fad4fdc147dab Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Link: https://lore.kernel.org/r/20200526060544.25127-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2019-10-11T15:58:38Z Christian Kujau lists@nerdbynature.de 2019-10-11T03:36:16Z urn:sha1:0e3901891ab66dce0a51579035594c9b685650dd It appears that some smart quotes were changed to "???" by even smarter software; change them to the dumb but legible variety. Signed-off-by: Christian Kujau <lists@nerdbynature.de> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2019-05-31T20:57:40Z Ke Wu mikewu@google.com 2019-05-30T19:22:08Z urn:sha1:0ff9848067b7b950a4ed70de7f5028600a2157e3 Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to make sure loaded kernel module and kernel image are trusted. This patch adds a kernel command line option "loadpin.exclude" which allows to exclude specific file types from LoadPin. This is useful when people want to use different mechanisms to verify module and kernel image while still use LoadPin to protect the integrity of other files kernel loads. Signed-off-by: Ke Wu <mikewu@google.com> Reviewed-by: James Morris <jamorris@linux.microsoft.com> [kees: fix array size issue reported by Coverity via Colin Ian King] Signed-off-by: Kees Cook <keescook@chromium.org> 2019-01-25T19:22:45Z Micah Morton mortonm@chromium.org 2019-01-16T15:46:06Z urn:sha1:aeca4e2ca65c1aeacfbe520684e6421719d99417 SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set. Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>