Home
last modified time | relevance | path

Searched full:security (Results 1 – 25 of 1391) sorted by relevance

12345678910>>...56

/linux/Documentation/security/
H A Dlsm.rst2 Linux Security Modules: General Security Hooks for Linux
16 In March 2001, the National Security Agency (NSA) gave a presentation
17 about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel Summit.
20 implemented as its own particular kernel patch. Several other security
25 patch to support its security needs.
28 remarks that described a security framework he would be willing to
30 general framework that would provide a set of security hooks to control
31 operations on kernel objects and a set of opaque security fields in
32 kernel data structures for maintaining security attributes. This
34 desired model of security. Linus also suggested the possibility of
[all …]
/linux/drivers/memory/tegra/
H A Dtegra194.c20 .security = 0x004,
30 .security = 0x00c,
40 .security = 0x014,
50 .security = 0x0ac,
60 .security = 0x0b4,
70 .security = 0x0e4,
80 .security = 0x0fc,
90 .security = 0x13c,
100 .security = 0x15c,
110 .security = 0x1ac,
[all …]
H A Dtegra186.c78 if (client->regs.sid.security == 0 && client->regs.sid.override == 0) in tegra186_mc_client_sid_override()
81 value = readl(mc->regs + client->regs.sid.security); in tegra186_mc_client_sid_override()
100 writel(value, mc->regs + client->regs.sid.security); in tegra186_mc_client_sid_override()
176 .security = 0x004,
186 .security = 0x074,
196 .security = 0x0ac,
206 .security = 0x0b4,
216 .security = 0x0e4,
226 .security = 0x0fc,
236 .security = 0x13c,
[all …]
H A Dtegra234.c17 * override and security register offsets.
29 .security = 0xac,
41 .security = 0xe4,
53 .security = 0x144,
65 .security = 0x14c,
77 .security = 0x154,
89 .security = 0x15c,
101 .security = 0x164,
113 .security = 0x16c,
125 .security = 0x174,
[all …]
/linux/security/
H A DKconfig3 # Security configuration
6 menu "Security options"
8 source "security/keys/Kconfig"
54 config SECURITY config
55 bool "Enable different security models"
59 This allows you to choose different security modules to be
62 If this option is not selected, the default Linux security
71 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
76 bool "Socket and Networking Security Hooks"
77 depends on SECURITY
[all …]
H A Dsecurity.c3 * Security plug functions
58 * all security modules to use the same descriptions for auditing
338 /* Process "security=", if given. */ in ordered_lsm_parse()
343 * To match the original "security=" behavior, this in ordered_lsm_parse()
353 init_debug("security=%s disabled: %s (only one legacy major LSM)\n", in ordered_lsm_parse()
378 /* Process "security=", if given. */ in ordered_lsm_parse()
384 append_ordered_lsm(lsm, "security="); in ordered_lsm_parse()
455 pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", in ordered_lsm_init()
518 * security_init - initializes the security framework
526 init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*"); in security_init()
[all …]
/linux/Documentation/userspace-api/
H A Dlsm.rst6 Linux Security Modules
12 Linux security modules (LSM) provide a mechanism to implement
13 additional access controls to the Linux security policies.
15 The various security modules may support any of these attributes:
17 ``LSM_ATTR_CURRENT`` is the current, active security context of the
20 This is supported by the SELinux, Smack and AppArmor security modules.
24 ``LSM_ATTR_EXEC`` is the security context of the process at the time the
27 This is supported by the SELinux and AppArmor security modules.
30 ``LSM_ATTR_FSCREATE`` is the security context of the process used when
33 This is supported by the SELinux security module.
[all …]
/linux/Documentation/process/
H A Dsecurity-bugs.rst3 Security bugs
6 Linux kernel developers take security very seriously. As such, we'd
7 like to know when a security bug is found so that it can be fixed and
8 disclosed as quickly as possible. Please report security bugs to the
9 Linux kernel security team.
14 The Linux kernel security team can be contacted by email at
15 <security@kernel.org>. This is a private list of security officers
19 security team will bring in extra help from area maintainers to
20 understand and fix the security vulnerability.
39 The security list is not a disclosure channel. For that, see Coordination
[all …]
H A Dembargoed-hardware-issues.rst9 Hardware issues which result in security problems are a different category
10 of security bugs than pure software bugs which only affect the Linux
25 The Linux kernel hardware security team is separate from the regular Linux
26 kernel security team.
28 The team only handles developing fixes for embargoed hardware security
29 issues. Reports of pure software security bugs in the Linux kernel are not
31 Linux kernel security team (:ref:`Documentation/admin-guide/
34 The team can be contacted by email at <hardware-security@kernel.org>. This
35 is a private list of security officers who will help you coordinate a fix
43 - PGP: https://www.kernel.org/static/files/hardware-security.asc
[all …]
H A Dcve.rst7 security vulnerabilities. Over time, their usefulness has declined with
12 security identifiers, and ongoing abuses by individuals and companies
17 potential Linux kernel security issues. This assignment is independent
18 of the :doc:`normal Linux kernel security bug reporting
19 process<../process/security-bugs>`.
31 potentially security issues are identified by the developers responsible
37 any bug might be exploitable to compromise the security of the kernel,
47 security issues should be sent to this alias, it is ONLY for assignment
49 feel you have found an unfixed security issue, please follow the
50 :doc:`normal Linux kernel security bug reporting
[all …]
/linux/Documentation/driver-api/nvdimm/
H A Dsecurity.rst2 NVDIMM Security
9 specification [1], security DSMs are introduced. The spec added the following
10 security DSMs: "get security state", "set passphrase", "disable passphrase",
12 data structure has been added to struct dimm in order to support the security
17 The "security" sysfs attribute is provided in the nvdimm sysfs directory. For
19 /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem0/security
21 The "show" attribute of that attribute will display the security state for
23 frozen, and overwrite. If security is not supported, the sysfs attribute
27 in order to support some of the security functionalities:
29 disable <keyid> - disable enabled security and remove key.
[all …]
/linux/Documentation/netlabel/
H A Dlsm_interface.rst2 NetLabel Linux Security Module Interface
12 NetLabel is a mechanism which can set and retrieve security attributes from
15 The NetLabel security module API is defined in 'include/net/netlabel.h' but a
18 NetLabel Security Attributes
22 it uses the concept of security attributes to refer to the packet's security
23 labels. The NetLabel security attributes are defined by the
25 NetLabel subsystem converts the security attributes to and from the correct
28 security attributes into whatever security identifiers are in use for their
44 label and the internal LSM security identifier can be time consuming. The
47 LSM has received a packet, used NetLabel to decode its security attributes,
[all …]
H A Dintroduction.rst12 NetLabel is a mechanism which can be used by kernel security modules to attach
13 security attributes to outgoing network packets generated from user space
14 applications and read security attributes from incoming network packets. It
16 layer, and the kernel security module API.
22 network packet's security attributes. If any translation between the network
23 security attributes and those on the host are required then the protocol
26 the NetLabel kernel security module API described below.
41 Security Module API
44 The purpose of the NetLabel security module API is to provide a protocol
46 to protocol independence, the security module API is designed to be completely
[all …]
H A Ddraft-ietf-cipso-ipsecurity-01.txt6 COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
13 IP Security Option (CIPSO). This draft reflects the version as approved by
35 Currently the Internet Protocol includes two security options. One of
36 these options is the DoD Basic Security Option (BSO) (Type 130) which allows
37 IP datagrams to be labeled with security classifications. This option
38 provides sixteen security classifications and a variable number of handling
39 restrictions. To handle additional security information, such as security
40 categories or compartments, another security option (Type 133) exists and
41 is referred to as the DoD Extended Security Option (ESO). The values for
46 mandatory access controls and multi-level security. These systems are
[all …]
/linux/security/integrity/evm/
H A DKconfig12 EVM protects a file's security extended attributes against
38 In addition to the original security xattrs (eg. security.selinux,
39 security.SMACK64, security.capability, and security.ima) included
41 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
42 security.SMACK64MMAP.
57 /sys/kernel/security/integrity/evm/evm_xattrs.
/linux/security/selinux/
H A Dxfrm.c3 * Security-Enhanced Linux (SELinux) security module
29 * 3. Testing addition of sk_policy's with security context via setsockopt
33 #include <linux/security.h>
63 * Returns true if the xfrm contains a security blob for SELinux.
67 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
71 * Allocates a xfrm_sec_state and populates it using the supplied security
177 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
178 if (x->security) in selinux_xfrm_state_pol_flow_match()
185 if (!x->security) in selinux_xfrm_state_pol_flow_match()
193 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
[all …]
/linux/Documentation/admin-guide/LSM/
H A Dindex.rst2 Linux Security Module Usage
5 The Linux Security Module (LSM) framework provides a mechanism for
6 various security checks to be hooked by new kernel extensions. The name
10 ``"security=..."`` kernel command line argument, in the case where multiple
14 (MAC) extensions which provide a comprehensive security policy. Examples
25 A list of the active security modules can be found by reading
26 ``/sys/kernel/security/lsm``. This is a comma separated list, and
32 Process attributes associated with "major" security modules should
34 A security module may maintain a module specific subdirectory there,
36 security module and contains all its special files. The files directly
H A Dapparmor.rst8 AppArmor is MAC style security extension for the Linux kernel. It implements
19 If AppArmor should be selected as the default security module then set::
26 If AppArmor is not the default security module it can be enabled by passing
27 ``security=apparmor`` on the kernel's command line.
29 If AppArmor is the default security module it can be disabled by passing
30 ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
/linux/fs/cachefiles/
H A Dsecurity.c2 /* CacheFiles security management
13 * determine the security context within which we access the cache from within
33 pr_err("Security denies permission to nominate security context: error %d\n", in cachefiles_get_security_ID()
56 pr_err("Security denies permission to make dirs: error %d", in cachefiles_check_cache_dir()
63 pr_err("Security denies permission to create files: error %d", in cachefiles_check_cache_dir()
70 * check the security details of the on-disk cache
71 * - must be called with security override in force
72 * - must return with a security override in force - even in the case of an
92 /* use the cache root dir's security context as the basis with in cachefiles_determine_cache_security()
/linux/include/uapi/linux/
H A Drxrpc.h33 #define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */
34 #define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */
36 #define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */
63 * RxRPC security levels
70 * RxRPC security indices
72 #define RXRPC_SECURITY_NONE 0 /* no security protocol */
102 * Rx kerberos security abort codes
103 * - unfortunately we have no generalised security abort codes to say things
104 * like "unsupported security", so we have to use these instead and hope the
107 #define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */
[all …]
/linux/drivers/crypto/allwinner/
H A DKconfig9 tristate "Support for Allwinner Security System cryptographic accelerator"
20 Security System. Select this if you want to use it.
21 The Security System handle AES/DES/3DES ciphers in CBC mode
28 bool "Support for Allwinner Security System PRNG"
33 the Pseudo-Random Number Generator found in the Security System.
98 tristate "Support for Allwinner Security System cryptographic offloader"
108 Select y here to have support for the Security System available on
110 The Security System handle AES/3DES ciphers in ECB/CBC mode.
125 bool "Support for Allwinner Security System PRNG"
130 the Pseudo-Random Number Generator found in the Security System.
/linux/security/selinux/include/
H A Dobjsec.h3 * Security-Enhanced Linux (SELinux) security module
5 * This file contains the SELinux security data structures for kernel objects.
52 u16 sclass; /* security class of this object */
80 u16 sclass; /* security class of this object */
118 u16 sclass; /* sock security class */
154 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
173 return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; in selinux_msg_msg()
179 return ipc->security + selinux_blob_sizes.lbs_ipc; in selinux_ipc()
183 * get the subjective security ID of the current task
201 return key->security + selinux_blob_sizes.lbs_key; in selinux_key()
[all …]
/linux/fs/ceph/
H A DKconfig43 bool "CephFS Security Labels"
44 depends on CEPH_FS && SECURITY
46 Security labels support alternative access control models
47 implemented by security modules like SELinux. This option
48 enables an extended attribute handler for file security
51 If you are not using a security module that requires using
52 extended attributes for file security labels, say N.
/linux/security/tomoyo/
H A Dsecurityfs_if.c3 * security/tomoyo/securityfs_if.c
8 #include <linux/security.h>
29 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
91 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
118 /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */
125 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
140 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
153 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
167 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
183 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
[all …]
/linux/drivers/char/tpm/
H A DKconfig13 If you have a TPM security chip in your system, which
40 and interposer attacks (see tpm-security.rst). Saying Y
66 If you have a TPM security chip that is compliant with the
77 If you have a TPM security chip which is connected to a regular,
97 If you have a TPM security chip, compliant with the TCG TPM PTP
108 If you have a TPM security chip that is compliant with the
128 If you have an Atmel I2C TPM security chip say Yes and it will be
137 If you have a TPM security chip that is compliant with the
148 If you have a TPM security chip with an I2C interface from
158 If you have a TPM security chip from National Semiconductor
[all …]

12345678910>>...56