en Copyright 2015 Java http://kernelsources.org:8080/source/history/linux/Documentation/process/threat-model.rst#36d49bba19f2c19c933d13b25dcf4eb607a030b3 Merge tag 'docs-7.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/docs/linuxPull documentation fixes from Jonathan Corbet: "This is Willy Tarreau's new document clarifying the definition and handling of security-related bugs, which we're trying to get out there quickly on the theory that some of the bug reporters might actually read and pay attention to it"* tag 'docs-7.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/docs/linux: docs: threat-model: don't limit root capabilities to CAP_SYS_ADMIN docs: security-bugs: add a link to the threat-model documentation Documentation: security-bugs: clarify requirements for AI-assisted reports Documentation: security-bugs: explain what is and is not a security bug Documentation: security-bugs: do not systematically Cc the security team List of files: /linux/Documentation/process/threat-model.rst Fri, 15 May 2026 21:24:09 +0200 Linus Torvalds <torvalds@linux-foundation.org> http://kernelsources.org:8080/source/history/linux/Documentation/process/threat-model.rst#f2e65e4e5b4b4b9ecf43f03c3fdbe8c9a8a43a9e docs: threat-model: don't limit root capabilities to CAP_SYS_ADMINThe threat-model document says that only users with CAP_SYS_ADMIN can carryout a number of admin-level tasks, but there are numerous capabilities thatcan confer that sort of power. Generalize the text slightly to make itclear that CAP_SYS_ADMIN is not the only all-powerful capability.Acked-by: Willy Tarreau <w@1wt.eu>Signed-off-by: Jonathan Corbet <corbet@lwn.net> List of files: /linux/Documentation/process/threat-model.rst Wed, 13 May 2026 22:58:53 +0200 Jonathan Corbet <corbet@lwn.net> http://kernelsources.org:8080/source/history/linux/Documentation/process/threat-model.rst#561458db0d6b08b4e4956c6e4456d7781b18676f docs: security-bugs: add a link to the threat-model documentationRather than make readers search for this document, just a link to it whereit is referenced.(While I was at it, I removed the unused and unneeded _threatmodel labelfrom the top of threat-model.rst).Acked-by: Willy Tarreau <w@1wt.eu>Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>Signed-off-by: Jonathan Corbet <corbet@lwn.net> List of files: /linux/Documentation/process/threat-model.rst Wed, 13 May 2026 22:51:29 +0200 Jonathan Corbet <corbet@lwn.net> http://kernelsources.org:8080/source/history/linux/Documentation/process/threat-model.rst#a03ef333fbd6cd861c8457c3d055ee3643a9baad Documentation: security-bugs: explain what is and is not a security bugThe use of automated tools to find bugs in random locations of the kernelinduces a raise of security reports even if most of them should just bereported as regular bugs. This patch is an attempt at drawing a linebetween what qualifies as a security bug and what does not, hoping toimprove the situation and ease decision on the reporter's side.It defers the enumeration to a new file, threat-model.rst, that triesto enumerate various classes of issues that are and are not securitybugs. This should permit to more easily update this file for varioussubsystem-specific rules without having to revisit the security bugreporting guide.Cc: Greg KH <gregkh@linuxfoundation.org>Cc: Leon Romanovsky <leon@kernel.org>Suggested-by: Leon Romanovsky <leon@kernel.org>Suggested-by: Greg KH <gregkh@linuxfoundation.org>Reviewed-by: Leon Romanovsky <leon@kernel.org>Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>Signed-off-by: Willy Tarreau <w@1wt.eu>Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>Signed-off-by: Jonathan Corbet <corbet@lwn.net>Message-ID: <20260509094755.2838-3-w@1wt.eu> List of files: /linux/Documentation/process/threat-model.rst Sat, 09 May 2026 11:47:54 +0200 Willy Tarreau <w@1wt.eu>