kernel\-policy (full) in projects: linux

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched +full:kernel +full:- +full:policy (Results 1 – 25 of 607) sorted by relevance

12 3 4 5 6 7 8 9 10 >>...25

/linux/Documentation/security/
H A D	ipe.rst	1 .. SPDX-License-Identifier: GPL-2.0 3 Integrity Policy Enforcement (IPE) - Kernel Documentation 10 :doc:`IPE admin guide </admin-guide/LSM/ipe>`. 13 --------------------- 16 of a locked-down system. This system would be born-secure, and have 20 policy. A mandatory access control system would be present, and 27 2. DM-Verity 29 Both options were carefully considered, however the choice to use DM-Verity 41 enforce the integrity policy, or it should not. 44 policy would indicate what labels required integrity verification, which [all …]
/linux/tools/perf/Documentation/
H A D	security.txt	6 https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html 13 Targeted policy with perf_event_open() access control capabilities: 15 1. Download selinux-policy SRPM package (e.g. selinux-policy-3.14.4-48.fc31.src.rpm on FC31) 18 # rpm -Uhv selinux-policy-3.14.4-48.fc31.src.rpm 22 # rpmbuild -bp selinux-policy.spec 24 3. Place patch below at rpmbuild/BUILD/selinux-policy-b86eaaf4dbcf2d51dd4432df7185c0eaf3cbcc02 27 # patch -p1 < selinux-policy-perf-events-perfmon.patch 28 patching file policy/flask/access_vectors 29 patching file policy/flask/security_classes 30 # cat selinux-policy-perf-events-perfmon.patch [all …]
/linux/security/apparmor/
H A D	Kconfig	1 # SPDX-License-Identifier: GPL-2.0-only 14 http://apparmor.wiki.kernel.org 43 Set the default value of the apparmor.debug kernel parameter. 45 the kernel message buffer. 48 bool "Allow loaded policy to be introspected" 52 This option selects whether introspection of loaded policy 54 adds to kernel memory usage. It is required for introspection 55 of loaded policy, and check point and restore support. It 66 This option selects whether introspection of loaded policy 69 checking loaded policy. This option adds to policy load [all …]
/linux/security/integrity/ima/
H A D	Kconfig	`1 # SPDX-License-Identifier: GPL-2.0-only 42 running kernel must be saved and restored on boot. 44 Depending on the IMA policy, the measurement list can grow to 61 Disabling this option will disregard LSM based policy rules. 71 limited to 255 characters. The 'ima-ng' measurement list 77 bool "ima-ng (default)" 79 bool "ima-si [all...]`
H A D	ima_main.c	1 // SPDX-License-Identifier: GPL-2.0-only 54 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { in hash_setup() 94 mapping_writably_mapped(file->f_mapping)) { in mmap_violation_check() 95 rc = -ETXTBSY; in mmap_violation_check() 98 if (!pathbuf) / ima_rdwr_violation possibly pre-fetched / in mmap_violation_check() 99 pathname = ima_d_path(&file->f_path, pathbuf, in mmap_violation_check() 111 * - Opening a file for write when already open for read, 113 * - Opening a file for read when already open for write, 125 fmode_t mode = file->f_mode; in ima_rdwr_violation_check() 129 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { in ima_rdwr_violation_check() [all …]
/linux/Documentation/admin-guide/mm/
H A D	numa_memory_policy.rst	2 NUMA Memory Policy 5 What is NUMA Memory Policy? 8 In the Linux kernel, "memory policy" determines from which node the kernel will 10 supported platforms with Non-Uniform Memory Access architectures since 2.4.?. 11 The current memory policy support was added to Linux 2.6 around May 2004. This 12 document attempts to describe the concepts and APIs of the 2.6 memory policy 16 (``Documentation/admin-guide/cgroup-v1/cpusets.rst``) 19 programming interface that a NUMA-aware application can take advantage of. When 24 Memory Policy Concepts 28 ------------------------ [all …]
H A D	transhuge.rst	26 requiring larger clear-page copy-page in page faults which is a 29 reducing the enter/exit kernel frequency by a 512 times factor). This 48 Modern kernels support "multi-size THP" (mTHP), which introduces the 50 but smaller than traditional PMD-size (as described above), in 51 increments of a power-of-2 number of pages. mTHP can back anonymous 53 PTE-mapped, but in many cases can still provide similar benefits to 56 prominent because the size of each page isn't as huge as the PMD-sized 66 collapses sequences of basic pages into PMD-sized huge pages. 91 possible to disable hugepages system-wide and to only have them inside 108 ------------------- [all …]
/linux/security/tomoyo/
H A D	Kconfig	1 # SPDX-License-Identifier: GPL-2.0-only 11 This selects TOMOYO Linux, pathname-based access control. 23 that are automatically appended into policy at "learning mode". 36 audit logs that the kernel can hold on memory. 37 You can read the log via /sys/kernel/security/tomoyo/audit. 41 bool "Activate without calling userspace policy loader." 45 Say Y here if you want to activate access control as soon as built-in 46 policy was loaded. This option will be useful for systems where 48 needed before loading the policy. For example, you can activate 49 immediately after loading the fixed part of policy which will allow [all …]
/linux/rust/kernel/
H A D	cpufreq.rs	1 // SPDX-License-Identifier: GPL-2.0 9 //! Reference: <https://docs.kernel.org/admin-guide/pm/cpufreq.html> 55 /// Supports multiple clock domains with per-policy governors in `cpu/cpuN/cpufreq/`. 58 /// Allows post-change notifications outside of the `target()` routine. 61 /// Ensure CPU starts at a valid frequency from the driver's freq-table. 90 // Construct from a C-compatible `u32` value. 91 fn new(val: u32) -> Result<Self> { in new() 104 // Convert to a C-compatible `u32` value. 105 fn from(rel: Relation) -> Self { in from() 120 /// Policy data. [all …]
/linux/Documentation/admin-guide/LSM/
H A D	ipe.rst	1 .. SPDX-License-Identifier: GPL-2.0 3 Integrity Policy Enforcement (IPE) 9 attempting to use IPE. If you're looking for more developer-focused 13 -------- 15 Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a 17 mechanisms that rely on labels and paths for decision-making, IPE focuses 34 a file's origin, such as dm-verity or fs-verity, which provide a layer of 36 that trust files from a dm-verity protected device. dm-verity ensures the 38 of its contents. Similarly, fs-verity offers filesystem-level integrity 40 fs-verity. These two features cannot be turned off once established, so [all …]
H A D	SELinux.rst	6 to use the distro-provided policies, or install the 7 latest reference policy release from 11 However, if you want to install a dummy policy for 14 userspace to be installed - in particular you will 15 need checkpolicy to compile a kernel, and setfiles and 18 1. Compile the kernel with selinux enabled. 21 SELinux enabled and a real policy. If 29 Step 4 will create a new dummy policy valid for your 30 kernel, with a single selinux user, role, and type. 31 It will compile the policy, will set your ``SELINUXTYPE`` to [all …]
/linux/tools/testing/selftests/kexec/
H A D	test_kexec_file_load.sh	2 # SPDX-License-Identifier: GPL-2.0 4 # Loading a kernel image via the kexec_file_load syscall can verify either 6 # both signatures depending on the IMA policy, or none. 8 # To determine whether the kernel image is signed, this test depends 9 # on pesign and getfattr. This test also requires the kernel to be 11 # enabled or access to the extract-ikconfig script. 16 trap "{ rm -f $IKCONFIG ; }" EXIT 18 # Some of the IMA builtin policies may require the kexec kernel image to 19 # be signed, but these policy rules may be replaced with a custom 20 # policy. Only CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS persists after [all …]
/linux/Documentation/trace/
H A D	stm.rst	1 .. SPDX-License-Identifier: GPL-2.0 26 To solve this mapping problem, stm class provides a policy management 28 identifiers to ranges of masters and channels. If these rules (policy) 32 This policy is a tree structure containing rules (policy_node) that 34 associated with it, located in "stp-policy" subsystem directory in 35 configfs. The topmost directory's name (the policy) is formatted as 36 the STM device name to which this policy applies and an arbitrary 40 $ ls /config/stp-policy/dummy_stm.my-policy/user 42 $ cat /config/stp-policy/dummy_stm.my-policy/user/masters 44 $ cat /config/stp-policy/dummy_stm.my-policy/user/channels [all …]
/linux/security/ipe/
H A D	Kconfig	1 # SPDX-License-Identifier: GPL-2.0-only 3 # Integrity Policy Enforcement (IPE) configuration 7 bool "Integrity Policy Enforcement (IPE)" 16 This option enables the Integrity Policy Enforcement LSM 17 allowing users to define a policy to enforce a trust-based access 18 control. A key feature of IPE is a customizable policy to allow 25 string "Integrity policy to apply on system startup" 27 This option specifies a filepath to an IPE policy that is compiled 28 into the kernel. This policy will be enforced until a policy update 35 bool "IPE policy update verification with secondary keyring" [all …]
/linux/drivers/cpufreq/
H A D	amd-pstate-ut.c	1 // SPDX-License-Identifier: GPL-2.0-or-later 3 * AMD Processor P-state Frequency Driver Unit Test 9 * The AMD P-State Unit Test is a test module for testing the amd-pstate 11 * (SBIOS/Firmware or Hardware). 2) Kernel can have a basic function 12 * test to avoid the kernel regression during the update. 3) We can 19 * See Documentation/admin-guide/pm/amd-pstate.rst Unit Tests for 20 * amd-pstate to get more detail. 26 #include <linux/kernel.h> 36 #include "amd-pstate.h" 45 * Kernel module for testing the AMD P-State unit test [all …]
H A D	rcpufreq_dt.rs	1 // SPDX-License-Identifier: GPL-2.0 3 //! Rust based implementation of the cpufreq-dt driver. 5 use kernel::{ 21 fn find_supply_name_exact(dev: &Device, name: &str) -> Option<CString> { in find_supply_name_exact() 22 let prop_name = CString::try_from_fmt(fmt!("{}-supply", name)).ok()?; in find_supply_name_exact() 29 fn find_supply_names(dev: &Device, cpu: cpu::CpuId) -> Option<KVec<CString>> { in find_supply_names() 59 const NAME: &'static CStr = c_str!("cpufreq-dt"); 65 fn init(policy: &mut cpufreq::Policy) -> Result<Self::PData> { in init() 66 let cpu = policy.cpu(); in init() 67 // SAFETY: The CPU device is only used during init; it won't get hot-unplugged. The cpufreq in init() [all …]
H A D	amd-pstate.c	1 // SPDX-License-Identifier: GPL-2.0-or-later 3 * amd-pstate.c - AMD Processor P-state Frequency Driver 9 * AMD P-State introduces a new CPU performance scaling design for AMD 12 * frequency control range. It is to replace the legacy ACPI P-States control, 13 * allows a flexible, low-latency interface for the Linux kernel to directly 16 * AMD P-State is supported on recent AMD Zen base CPU series include some of 18 * P-State supported system. And there are two types of hardware implementations 19 * for AMD P-State: 1) Full MSR Solution and 2) Shared Memory Solution. 26 #include <linux/kernel.h> 50 #include "amd-pstate.h" [all …]
/linux/Documentation/admin-guide/pm/
H A D	cpufreq.rst	1 .. SPDX-License-Identifier: GPL-2.0 20 Operating Performance Points or P-states (in ACPI terminology). As a rule, 24 time (or the more power is drawn) by the CPU in the given P-state. Therefore 29 as possible and then there is no reason to use any P-states different from the 30 highest one (i.e. the highest-performance frequency/voltage configuration 38 put into different P-states. 41 capacity, so as to decide which P-states to put the CPUs into. Of course, since 51 The Linux kernel supports CPU performance scaling by means of the ``CPUFreq`` 64 information on the available P-states (or P-state ranges in some cases) and 65 access platform-specific hardware interfaces to change CPU P-states as requested [all …]
H A D	intel_pstate.rst	1 .. SPDX-License-Identifier: GPL-2.0 17 :doc:`CPU performance scaling subsystem <cpufreq>` in the Linux kernel 22 Documentation/admin-guide/pm/cpufreq.rst if you have not done that yet.] 24 For the processors supported by ``intel_pstate``, the P-state concept is broader 27 information about that). For this reason, the representation of P-states used 32 ``intel_pstate`` maps its internal representation of P-states to frequencies too 38 Since the hardware P-state selection interface used by ``intel_pstate`` is 40 CPUs. Consequently, if ``intel_pstate`` is in use, every ``CPUFreq`` policy 43 time the corresponding CPU is taken offline and need to be re-initialized when 47 only way to pass early-configuration-time parameters to it is via the kernel [all …]
/linux/Documentation/cpu-freq/
H A D	core.rst	1 .. SPDX-License-Identifier: GPL-2.0 8 - Dominik Brodowski <linux@brodo.de> 9 - David Kimdon <dwhedon@debian.org> 10 - Rafael J. Wysocki <rafael.j.wysocki@intel.com> 11 - Viresh Kumar <viresh.kumar@linaro.org> 26 drivers or other part of the kernel that need to be informed of 27 policy changes (ex. thermal modules like ACPI) or of all 30 kernel "constant" loops_per_jiffy is updated on frequency changes 37 policy doesn't get freed while being used. 42 CPUFreq notifiers conform to the standard kernel notifier interface. [all …]
/linux/drivers/macintosh/
H A D	windfarm_cpufreq_clamp.c	1 // SPDX-License-Identifier: GPL-2.0-only 4 #include <linux/kernel.h> 65 struct cpufreq_policy *policy; in wf_cpufreq_clamp_init() local 70 policy = cpufreq_cpu_get(0); in wf_cpufreq_clamp_init() 71 if (!policy) { in wf_cpufreq_clamp_init() 72 pr_warn("%s: cpufreq policy not found cpu0\n", __func__); in wf_cpufreq_clamp_init() 73 return -EPROBE_DEFER; in wf_cpufreq_clamp_init() 76 min_freq = policy->cpuinfo.min_freq; in wf_cpufreq_clamp_init() 77 max_freq = policy->cpuinfo.max_freq; in wf_cpufreq_clamp_init() 79 ret = freq_qos_add_request(&policy->constraints, &qos_req, FREQ_QOS_MAX, in wf_cpufreq_clamp_init() [all …]
/linux/kernel/sched/
H A D	syscalls.c	1 // SPDX-License-Identifier: GPL-2.0-only 3 * kernel/sched/syscalls.c 5 * Core kernel scheduler syscalls related code 7 * Copyright (C) 1991-2002 Linus Torvalds 8 * Copyright (C) 1998-2024 Ingo Molnar, Red Hat 19 static inline int __normal_prio(int policy, int rt_prio, int nice) in __normal_prio() argument 23 if (dl_policy(policy)) in __normal_prio() 296 int policy = attr->sched_policy; DEFINE_CLASS() local 460 user_check_sched_setscheduler(struct task_struct * p,const struct sched_attr * attr,int policy,int reset_on_fork) user_check_sched_setscheduler() argument 520 int oldpolicy = -1, policy = attr->sched_policy; __sched_setscheduler() local 759 _sched_setscheduler(struct task_struct * p,int policy,const struct sched_param * param,bool check) _sched_setscheduler() argument 792 sched_setscheduler(struct task_struct * p,int policy,const struct sched_param * param) sched_setscheduler() argument 822 sched_setscheduler_nocheck(struct task_struct * p,int policy,const struct sched_param * param) sched_setscheduler_nocheck() argument 874 do_sched_setscheduler(pid_t pid,int policy,struct sched_param __user * param) do_sched_setscheduler() argument 955 SYSCALL_DEFINE3(sched_setscheduler,pid_t,pid,int,policy,struct sched_param __user *,param) SYSCALL_DEFINE3() argument 1485 SYSCALL_DEFINE1(sched_get_priority_max,int,policy) SYSCALL_DEFINE1() argument 1513 SYSCALL_DEFINE1(sched_get_priority_min,int,policy) SYSCALL_DEFINE1() argument [all...]
/linux/Documentation/arch/x86/
H A D	intel_txt.rst	6 Technology (Intel(R) TXT), defines platform-level enhancements that 13 - Provides dynamic root of trust for measurement (DRTM) 14 - Data protection in case of improper shutdown 15 - Measurement and verification of launched environment 18 non-vPro systems. It is currently available on desktop systems 30 - LinuxTAG 2008: 31 http://www.linuxtag.org/2008/en/conf/events/vp-donnerstag.html 33 - TRUST2008: 34 http://www.trust-conference.eu/downloads/Keynote-Speakers/ 35 3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf [all …]
/linux/Documentation/netlink/specs/
H A D	nlctrl.yaml	`1 # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 4 protocol: genetlink-legacy 5 uapi-header: linux/genetlink.h 8 genetlink meta-family that exposes information about all genetlink 9 families registered in the kernel (including itself). 12 - 13 name: op-flags 15 enum-name: 17 - admin-perm 18 - cmd-cap-do [all …]`
/linux/tools/testing/selftests/net/netfilter/
H A D	nft_queue.sh	`23 rm -f "$TMPINPUT" 24 rm -f "$TMPFILE0" 25 rm -f "$TMPFILE1" 26 rm -f "$TMPFILE2" "$TMPFILE3" 29 checktool "nft --version" "test without nft tool" 30 checktool "socat -h" "run test without socat" 32 modprobe -q sctp 49 echo "SKIP: No virtual ethernet pair device support in kernel" 55 ip -ne [all...]`

12 3 4 5 6 7 8 9 10 >>...25