
Searched +full:kernel +full:- +full:policy (Results 1 – 25 of 783) sorted by relevance


/linux/Documentation/security/
ipe.rst
1 .. SPDX-License-Identifier: GPL-2.0
3 Integrity Policy Enforcement (IPE) - Kernel Documentation
10 :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
13 ---------------------
16 of a locked-down system. This system would be born-secure, and have
20 policy. A mandatory access control system would be present, and
27 2. DM-Verity
29 Both options were carefully considered, however the choice to use DM-Verity
41 enforce the integrity policy, or it should not.
44 policy would indicate what labels required integrity verification, which
/linux/tools/perf/Documentation/
security.txt
6 https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
13 Targeted policy with perf_event_open() access control capabilities:
15 1. Download selinux-policy SRPM package (e.g. selinux-policy-3.14.4-48.fc31.src.rpm on FC31)
18 # rpm -Uhv selinux-policy-3.14.4-48.fc31.src.rpm
22 # rpmbuild -bp selinux-policy.spec
24 3. Place patch below at rpmbuild/BUILD/selinux-policy-b86eaaf4dbcf2d51dd4432df7185c0eaf3cbcc02
27 # patch -p1 < selinux-policy-perf-events-perfmon.patch
28 patching file policy/flask/access_vectors
29 patching file policy/flask/security_classes
30 # cat selinux-policy-perf-events-perfmon.patch
/linux/security/apparmor/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
14 http://apparmor.wiki.kernel.org
43 Set the default value of the apparmor.debug kernel parameter.
45 the kernel message buffer.
48 bool "Allow loaded policy to be introspected"
52 This option selects whether introspection of loaded policy
54 adds to kernel memory usage. It is required for introspection
55 of loaded policy, and check point and restore support. It
66 This option selects whether introspection of loaded policy
69 checking loaded policy. This option adds to policy load
/linux/security/integrity/ima/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
42 running kernel must be saved and restored on boot.
44 Depending on the IMA policy, the measurement list can grow to
61 Disabling this option will disregard LSM based policy rules.
71 limited to 255 characters. The 'ima-ng' measurement list
77 bool "ima-ng (default)"
79 bool "ima-sig"
84 default "ima-ng" if IMA_NG_TEMPLATE
85 default "ima-sig" if IMA_SIG_TEMPLATE
93 hash algorithm can be overwritten using the kernel command
ima_main.c
1 // SPDX-License-Identifier: GPL-2.0-only
54 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { in hash_setup()
94 mapping_writably_mapped(file->f_mapping)) { in mmap_violation_check()
95 rc = -ETXTBSY; in mmap_violation_check()
98 if (!*pathbuf) /* ima_rdwr_violation possibly pre-fetched */ in mmap_violation_check()
99 *pathname = ima_d_path(&file->f_path, pathbuf, in mmap_violation_check()
111 * - Opening a file for write when already open for read,
113 * - Opening a file for read when already open for write,
125 fmode_t mode = file->f_mode; in ima_rdwr_violation_check()
129 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { in ima_rdwr_violation_check()
/linux/Documentation/admin-guide/mm/
numa_memory_policy.rst
2 NUMA Memory Policy
5 What is NUMA Memory Policy?
8 In the Linux kernel, "memory policy" determines from which node the kernel will
10 supported platforms with Non-Uniform Memory Access architectures since 2.4.?.
11 The current memory policy support was added to Linux 2.6 around May 2004. This
12 document attempts to describe the concepts and APIs of the 2.6 memory policy
16 (``Documentation/admin-guide/cgroup-v1/cpusets.rst``)
19 programming interface that a NUMA-aware application can take advantage of. When
24 Memory Policy Concepts
28 ------------------------
/linux/Documentation/admin-guide/LSM/
ipe.rst
1 .. SPDX-License-Identifier: GPL-2.0
3 Integrity Policy Enforcement (IPE)
9 attempting to use IPE. If you're looking for more developer-focused
13 --------
15 Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
17 mechanisms that rely on labels and paths for decision-making, IPE focuses
34 a file's origin, such as dm-verity or fs-verity, which provide a layer of
36 that trust files from a dm-verity protected device. dm-verity ensures the
38 of its contents. Similarly, fs-verity offers filesystem-level integrity
40 fs-verity. These two features cannot be turned off once established, so
SELinux.rst
6 to use the distro-provided policies, or install the
7 latest reference policy release from
11 However, if you want to install a dummy policy for
14 userspace to be installed - in particular you will
15 need checkpolicy to compile a kernel, and setfiles and
18 1. Compile the kernel with selinux enabled.
21 SELinux enabled and a real policy. If
29 Step 4 will create a new dummy policy valid for your
30 kernel, with a single selinux user, role, and type.
31 It will compile the policy, will set your ``SELINUXTYPE`` to
/linux/security/tomoyo/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
11 This selects TOMOYO Linux, pathname-based access control.
23 that are automatically appended into policy at "learning mode".
36 audit logs that the kernel can hold on memory.
37 You can read the log via /sys/kernel/security/tomoyo/audit.
41 bool "Activate without calling userspace policy loader."
45 Say Y here if you want to activate access control as soon as built-in
46 policy was loaded. This option will be useful for systems where
48 needed before loading the policy. For example, you can activate
49 immediately after loading the fixed part of policy which will allow
/linux/tools/testing/selftests/kexec/
test_kexec_file_load.sh
2 # SPDX-License-Identifier: GPL-2.0
4 # Loading a kernel image via the kexec_file_load syscall can verify either
6 # both signatures depending on the IMA policy, or none.
8 # To determine whether the kernel image is signed, this test depends
9 # on pesign and getfattr. This test also requires the kernel to be
11 # enabled or access to the extract-ikconfig script.
16 trap "{ rm -f $IKCONFIG ; }" EXIT
18 # Some of the IMA builtin policies may require the kexec kernel image to
19 # be signed, but these policy rules may be replaced with a custom
20 # policy. Only CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS persists after
/linux/Documentation/trace/
stm.rst
1 .. SPDX-License-Identifier: GPL-2.0
26 To solve this mapping problem, stm class provides a policy management
28 identifiers to ranges of masters and channels. If these rules (policy)
32 This policy is a tree structure containing rules (policy_node) that
34 associated with it, located in "stp-policy" subsystem directory in
35 configfs. The topmost directory's name (the policy) is formatted as
36 the STM device name to which this policy applies and an arbitrary
40 $ ls /config/stp-policy/dummy_stm.my-policy/user
42 $ cat /config/stp-policy/dummy_stm.my-policy/user/masters
44 $ cat /config/stp-policy/dummy_stm.my-policy/user/channels
/linux/Documentation/admin-guide/pm/
cpufreq.rst
1 .. SPDX-License-Identifier: GPL-2.0
20 Operating Performance Points or P-states (in ACPI terminology). As a rule,
24 time (or the more power is drawn) by the CPU in the given P-state. Therefore
29 as possible and then there is no reason to use any P-states different from the
30 highest one (i.e. the highest-performance frequency/voltage configuration
38 put into different P-states.
41 capacity, so as to decide which P-states to put the CPUs into. Of course, since
51 The Linux kernel supports CPU performance scaling by means of the ``CPUFreq``
64 information on the available P-states (or P-state ranges in some cases) and
65 access platform-specific hardware interfaces to change CPU P-states as requested
intel_pstate.rst
1 .. SPDX-License-Identifier: GPL-2.0
17 :doc:`CPU performance scaling subsystem <cpufreq>` in the Linux kernel
22 Documentation/admin-guide/pm/cpufreq.rst if you have not done that yet.]
24 For the processors supported by ``intel_pstate``, the P-state concept is broader
27 information about that). For this reason, the representation of P-states used
32 ``intel_pstate`` maps its internal representation of P-states to frequencies too
38 Since the hardware P-state selection interface used by ``intel_pstate`` is
40 CPUs. Consequently, if ``intel_pstate`` is in use, every ``CPUFreq`` policy
43 time the corresponding CPU is taken offline and need to be re-initialized when
47 only way to pass early-configuration-time parameters to it is via the kernel
/linux/security/ipe/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
3 # Integrity Policy Enforcement (IPE) configuration
7 bool "Integrity Policy Enforcement (IPE)"
16 This option enables the Integrity Policy Enforcement LSM
17 allowing users to define a policy to enforce a trust-based access
18 control. A key feature of IPE is a customizable policy to allow
25 string "Integrity policy to apply on system startup"
27 This option specifies a filepath to an IPE policy that is compiled
28 into the kernel. This policy will be enforced until a policy update
35 bool "IPE policy update verification with secondary keyring"
/linux/Documentation/filesystems/
fscrypt.rst
2 Filesystem-level encryption (fscrypt)
11 Note: "fscrypt" in this document refers to the kernel-level portion,
14 covers the kernel-level portion. For command-line examples of how to
20 <https://source.android.com/security/encryption/file-based>`_, over
21 using the kernel's API directly. Using existing tools reduces the
23 completeness this documentation covers the kernel's API anyway.)
25 Unlike dm-crypt, fscrypt operates at the filesystem level rather than
28 filesystem. This is useful for multi-user systems where each user's
29 data-at-rest needs to be cryptographically isolated from the others.
34 directly into supported filesystems --- currently ext4, F2FS, UBIFS,
tmpfs.rst
1 .. SPDX-License-Identifier: GPL-2.0
14 tmpfs puts everything into the kernel internal caches and grows and
21 fly using a remount ('mount -o remount ...') of the filesystem. A tmpfs
45 1) There is always a kernel internal mount which you will not see at
63 mount is used for that. (In the 2.3 kernel versions it was
72 4) And probably a lot more I do not know about :-)
101 extended attributes: "df -i"'s IUsed and IUse% increase, IFree decreases.
111 tmpfs also supports Transparent Huge Pages which requires a kernel
124 See also Documentation/admin-guide/mm/transhuge.rst, which describes the
125 sysfs file /sys/kernel/mm/transparent_hugepage/shmem_enabled: which can
/linux/kernel/sched/
syscalls.c
1 // SPDX-License-Identifier: GPL-2.0-only
3 * kernel/sched/syscalls.c
5 * Core kernel scheduler syscalls related code
7 * Copyright (C) 1991-2002 Linus Torvalds
8 * Copyright (C) 1998-2024 Ingo Molnar, Red Hat
19 static inline int __normal_prio(int policy, int rt_prio, int nice) in __normal_prio() argument
23 if (dl_policy(policy)) in __normal_prio()
24 prio = MAX_DL_PRIO - 1; in __normal_prio()
25 else if (rt_policy(policy)) in __normal_prio()
26 prio = MAX_RT_PRIO - 1 - rt_prio; in __normal_prio()
/linux/Documentation/cpu-freq/
core.rst
1 .. SPDX-License-Identifier: GPL-2.0
8 - Dominik Brodowski <linux@brodo.de>
9 - David Kimdon <dwhedon@debian.org>
10 - Rafael J. Wysocki <rafael.j.wysocki@intel.com>
11 - Viresh Kumar <viresh.kumar@linaro.org>
26 drivers or other part of the kernel that need to be informed of
27 policy changes (ex. thermal modules like ACPI) or of all
30 kernel "constant" loops_per_jiffy is updated on frequency changes
37 policy doesn't get freed while being used.
42 CPUFreq notifiers conform to the standard kernel notifier interface.
/linux/drivers/cpufreq/
amd-pstate-ut.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * AMD Processor P-state Frequency Driver Unit Test
9 * The AMD P-State Unit Test is a test module for testing the amd-pstate
11 * (SBIOS/Firmware or Hardware). 2) Kernel can have a basic function
12 * test to avoid the kernel regression during the update. 3) We can
19 * See Documentation/admin-guide/pm/amd-pstate.rst Unit Tests for
20 * amd-pstate to get more detail.
25 #include <linux/kernel.h>
32 #include "amd-pstate.h"
36 * amd_pstate_ut: used as a shortform for AMD P-State unit test.
sh-cpufreq.c
4 * Copyright (C) 2002 - 2012 Paul Mundt
7 * Clock framework bits from arch/avr32/mach-at32ap/cpufreq.c
9 * Copyright (C) 2004-2007 Atmel Corporation
19 #include <linux/kernel.h>
33 struct cpufreq_policy *policy; member
45 struct cpufreq_policy *policy = target->policy; in __sh_cpufreq_target() local
46 int cpu = policy->cpu; in __sh_cpufreq_target()
53 return -ENODEV; in __sh_cpufreq_target()
58 freq = clk_round_rate(cpuclk, target->freq * 1000); in __sh_cpufreq_target()
60 if (freq < (policy->min * 1000) || freq > (policy->max * 1000)) in __sh_cpufreq_target()
amd_freq_sensitivity.c
1 // SPDX-License-Identifier: GPL-2.0-only
11 #include <linux/kernel.h>
15 #include <linux/percpu-defs.h>
39 static unsigned int amd_powersave_bias_target(struct cpufreq_policy *policy, in amd_powersave_bias_target() argument
46 struct cpu_data_t *data = &per_cpu(cpu_data, policy->cpu); in amd_powersave_bias_target()
47 struct policy_dbs_info *policy_dbs = policy->governor_data; in amd_powersave_bias_target()
48 struct dbs_data *od_data = policy_dbs->dbs_data; in amd_powersave_bias_target()
49 struct od_dbs_tuners *od_tuners = od_data->tuners; in amd_powersave_bias_target()
51 if (!policy->freq_table) in amd_powersave_bias_target()
54 rdmsr_on_cpu(policy->cpu, MSR_AMD64_FREQ_SENSITIVITY_ACTUAL, in amd_powersave_bias_target()
/linux/tools/power/cpupower/lib/
cpufreq.h
1 /* SPDX-License-Identifier: GPL-2.0-only */
3 * cpufreq.h - definitions for libcpufreq
5 * Copyright (C) 2004-2009 Dominik Brodowski <linux@dominikbrodowski.de>
50 * - _kernel variant means kernel's opinion of CPU frequency
51 * - _hardware variant means actual hardware CPU frequency,
66 * returns 0 on failure, else transition latency in 10^(-9) s = nanoseconds
74 * considerations by cpufreq policy notifiers in the kernel.
93 /* determine CPUfreq policy currently used
102 void cpufreq_put_policy(struct cpufreq_policy *policy);
122 * Only present on _some_ ->target() cpufreq drivers. For information purposes
/linux/drivers/macintosh/
windfarm_cpufreq_clamp.c
1 // SPDX-License-Identifier: GPL-2.0-only
4 #include <linux/kernel.h>
65 struct cpufreq_policy *policy; in wf_cpufreq_clamp_init() local
70 policy = cpufreq_cpu_get(0); in wf_cpufreq_clamp_init()
71 if (!policy) { in wf_cpufreq_clamp_init()
72 pr_warn("%s: cpufreq policy not found cpu0\n", __func__); in wf_cpufreq_clamp_init()
73 return -EPROBE_DEFER; in wf_cpufreq_clamp_init()
76 min_freq = policy->cpuinfo.min_freq; in wf_cpufreq_clamp_init()
77 max_freq = policy->cpuinfo.max_freq; in wf_cpufreq_clamp_init()
79 ret = freq_qos_add_request(&policy->constraints, &qos_req, FREQ_QOS_MAX, in wf_cpufreq_clamp_init()
/linux/Documentation/arch/x86/
intel_txt.rst
6 Technology (Intel(R) TXT), defines platform-level enhancements that
13 - Provides dynamic root of trust for measurement (DRTM)
14 - Data protection in case of improper shutdown
15 - Measurement and verification of launched environment
18 non-vPro systems. It is currently available on desktop systems
30 - LinuxTAG 2008:
31 http://www.linuxtag.org/2008/en/conf/events/vp-donnerstag.html
33 - TRUST2008:
34 http://www.trust-conference.eu/downloads/Keynote-Speakers/
35 3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
/linux/drivers/gpu/drm/xe/
xe_gt_sriov_pf_debugfs.c
1 // SPDX-License-Identifier: MIT
3 * Copyright © 2023-2024 Intel Corporation
26 * /sys/kernel/debug/dri/0/
27 * ├── gt0 # d_inode->i_private = gt
28 * │   ├── pf # d_inode->i_private = gt
29 * │   ├── vf1 # d_inode->i_private = VFID(1)
31 * │   ├── vfN # d_inode->i_private = VFID(N)
36 return d->d_inode->i_private; in extract_priv()
41 return extract_priv(d->d_parent); in extract_gt()
50 * /sys/kernel/debug/dri/0/
