| /linux/Documentation/security/ |
| lsm.rst | 20 implemented as its own particular kernel patch. Several other security 25 patch to support its security needs. 28 remarks that described a security framework he would be willing to 30 general framework that would provide a set of security hooks to control 31 operations on kernel objects and a set of opaque security fields in 32 kernel data structures for maintaining security attributes. This 34 desired model of security. Linus also suggested the possibility of 38 such a framework. LSM was a joint development effort by several security 44 security module. 50 security modules. In particular, the LSM framework is primarily focused
|
| lsm-development.rst | 14 see ``security/security.c`` and associated structures: 16 .. kernel-doc:: security/security.c
|
| /linux/Documentation/userspace-api/ |
| lsm.rst | 12 Linux security modules (LSM) provide a mechanism to implement 13 additional access controls to the Linux security policies. 15 The various security modules may support any of these attributes: 17 ``LSM_ATTR_CURRENT`` is the current, active security context of the 20 This is supported by the SELinux, Smack and AppArmor security modules. 24 ``LSM_ATTR_EXEC`` is the security context of the process at the time the 27 This is supported by the SELinux and AppArmor security modules. 30 ``LSM_ATTR_FSCREATE`` is the security context of the process used when 33 This is supported by the SELinux security module. 35 ``LSM_ATTR_KEYCREATE`` is the security context of the process used when
|
| /linux/Documentation/driver-api/nvdimm/ |
| security.rst | 9 specification [1], security DSMs are introduced. The spec added the following 10 security DSMs: "get security state", "set passphrase", "disable passphrase", 12 data structure has been added to struct dimm in order to support the security 17 The "security" sysfs attribute is provided in the nvdimm sysfs directory. For 19 /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem0/security 21 The "show" attribute of that attribute will display the security state for 23 frozen, and overwrite. If security is not supported, the sysfs attribute 27 in order to support some of the security functionalities: 29 disable <keyid> - disable enabled security and remove key. 30 freeze - freeze changing of security states.
|
| /linux/Documentation/netlabel/ |
| introduction.rst | 12 NetLabel is a mechanism which can be used by kernel security modules to attach 13 security attributes to outgoing network packets generated from user space 14 applications and read security attributes from incoming network packets. It 16 layer, and the kernel security module API. 22 network packet's security attributes. If any translation between the network 23 security attributes and those on the host are required then the protocol 26 the NetLabel kernel security module API described below. 44 The purpose of the NetLabel security module API is to provide a protocol 46 to protocol independence, the security module API is designed to be completely 50 Detailed information about the NetLabel security module API can be found in the
|
| lsm_interface.rst | 12 NetLabel is a mechanism which can set and retrieve security attributes from 15 The NetLabel security module API is defined in 'include/net/netlabel.h' but a 22 it uses the concept of security attributes to refer to the packet's security 23 labels. The NetLabel security attributes are defined by the 25 NetLabel subsystem converts the security attributes to and from the correct 28 security attributes into whatever security identifiers are in use for their 44 label and the internal LSM security identifier can be time consuming. The 47 LSM has received a packet, used NetLabel to decode its security attributes, 48 and translated the security attributes into a LSM internal identifier the LSM
|
| cipso_ipv4.rst | 27 label by using the NetLabel security module API; if the NetLabel "domain" is 37 NetLabel security module API to extract the security attributes of the packet. 44 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security 49 different security attribute mapping table. 54 The NetLabel system provides a framework for caching security attribute
|
| /linux/security/integrity/evm/ |
| Kconfig | 12 EVM protects a file's security extended attributes against 38 In addition to the original security xattrs (eg. security.selinux, 39 security.SMACK64, security.capability, and security.ima) included 41 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and 42 security.SMACK64MMAP. 57 /sys/kernel/security/integrity/evm/evm_xattrs.
|
| /linux/security/selinux/include/ |
| objsec.h | 186 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred() 192 return task->security + selinux_blob_sizes.lbs_task; in selinux_task() 218 return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; in selinux_msg_msg() 224 return ipc->security + selinux_blob_sizes.lbs_ipc; in selinux_ipc() 246 return key->security + selinux_blob_sizes.lbs_key; in selinux_key() 255 static inline struct tun_security_struct *selinux_tun_dev(void *security) in selinux_tun_dev() argument 257 return security + selinux_blob_sizes.lbs_tun_dev; in selinux_tun_dev() 275 return map->security + selinux_blob_sizes.lbs_bpf_map; in selinux_bpf_map_security() 281 return prog->aux->security + selinux_blob_sizes.lbs_bpf_prog; in selinux_bpf_prog_security() 287 return token->security + selinux_blob_sizes.lbs_bpf_token; in selinux_bpf_token_security()
|
| /linux/security/ |
| Kconfig | 8 source "security/keys/Kconfig" 74 bool "Enable different security models" 78 This allows you to choose different security modules to be 81 If this option is not selected, the default Linux security 95 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM). 103 This enables the socket and networking security hooks. 104 If enabled, a security module can use these hooks to 112 This enables the Infiniband security hooks. 113 If enabled, a security module can use these hooks to 121 This enables the XFRM (IPSec) networking security hook
| security.c | 235 return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp); in lsm_cred_alloc() 270 return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc() 283 return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc() 297 return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL); in lsm_key_alloc() 311 return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg, in lsm_msg_msg_alloc() 340 return lsm_blob_alloc(&map->security, blob_sizes.lbs_bpf_map, GFP_KERNEL); in lsm_bpf_map_alloc() 353 return lsm_blob_alloc(&prog->aux->security, blob_sizes.lbs_bpf_prog, GFP_KERNEL); in lsm_bpf_prog_alloc() 366 return lsm_blob_alloc(&token->security, blob_sizes.lbs_bpf_token, GFP_KERNEL); in lsm_bpf_token_alloc() 2806 kfree(task->security); in security_task_free() 2807 task->security = NULL; in security_task_free()
|
| /linux/security/selinux/ |
| xfrm.c | 67 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm() 177 if (!xp->security) in selinux_xfrm_state_pol_flow_match() 178 if (x->security) in selinux_xfrm_state_pol_flow_match() 185 if (!x->security) in selinux_xfrm_state_pol_flow_match() 193 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match() 218 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress() 233 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress() 331 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc() 369 x->security = ctx; in selinux_xfrm_state_alloc_acquire() 381 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
|
| /linux/Documentation/process/ |
| security-bugs.rst | 6 Linux kernel developers take security very seriously. As such, we'd 7 like to know when a security bug is found so that it can be fixed and 13 Like with any bug report, a security bug report requires a lot of analysis work 18 **any** security bug report: 39 is not a security bug. 50 "system freezes each time I run this command"), the security team will help 69 What qualifies as a security bug 78 It turns out that the majority of the bugs reported via the security team are 79 just regular bugs that have been improperly qualified as security bugs due to 85 The security list exists for urgent bugs that grant an attacker a capability
|
| embargoed-hardware-issues.rst | 9 Hardware issues which result in security problems are a different category 10 of security bugs than pure software bugs which only affect the Linux 25 The Linux kernel hardware security team is separate from the regular Linux 26 kernel security team. 28 The team only handles developing fixes for embargoed hardware security 29 issues. Reports of pure software security bugs in the Linux kernel are not 31 Linux kernel security team (:ref:`Documentation/admin-guide/ 34 The team can be contacted by email at <hardware-security@kernel.org>. This 35 is a private list of security officers who will help you coordinate a fix 43 - PGP: https://www.kernel.org/static/files/hardware-security.asc
|
| cve.rst | 7 security vulnerabilities. Over time, their usefulness has declined with 12 security identifiers, and ongoing abuses by individuals and companies 17 potential Linux kernel security issues. This assignment is independent 18 of the :doc:`normal Linux kernel security bug reporting 19 process<../process/security-bugs>`. 31 potentially security issues are identified by the developers responsible 37 any bug might be exploitable to compromise the security of the kernel, 47 security issues should be sent to this alias, it is ONLY for assignment 49 feel you have found an unfixed security issue, please follow the 50 :doc:`normal Linux kernel security bug reporting
|
| /linux/Documentation/ABI/testing/ |
| procfs-attr-current | 2 Contact: linux-security-module@vger.kernel.org, 5 Description: The current security information used by a Linux 6 security module (LSM) that is active on the system. 8 this interface and hence obtain the security state 13 this interface and hence change the security state of
|
| procfs-attr-exec | 2 Contact: linux-security-module@vger.kernel.org, 5 Description: The security information to be used on the process 6 by a Linux security module (LSM) active on the system 9 this interface and hence obtain the security state 14 this interface and hence change the security state of
|
| sysfs-driver-intel-m10-bmc-sec-update | 1 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/sr_root_entry_hash 11 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/pr_root_entry_hash 21 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/bmc_root_entry_hash 31 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/sr_canceled_csks 39 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/pr_canceled_csks 47 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/bmc_canceled_csks 55 What: /sys/bus/platform/drivers/intel-m10bmc-sec-update/.../security/flash_count
|
| /linux/Documentation/translations/zh_CN/process/ |
| security-bugs.rst | 5 :Original: :doc:`../../../process/security-bugs` 21 可以通过电子邮件<security@kernel.org>联系Linux内核安全团队。这是一个安全人员 60 公共 "oss-security" 邮件列表进行。两者紧密关联且被展示在 linux-distros 维基: 61 <https://oss-security.openwall.org/wiki/mailing-lists/distros>
|
| /linux/drivers/acpi/nfit/ |
| Kconfig | 18 bool "Enable debug for NVDIMM security commands" 22 other security features. The payloads for the commands that 24 security material. Disable debug of those command payloads 26 on NVDIMM security enabling say Y, otherwise say N.
|
| /linux/Documentation/translations/zh_CN/security/ |
| lsm-development.rst | 4 :Original: Documentation/security/lsm-development.rst 19 有关可用的 LSM 钩子接口的详细文档,请参阅 ``security/security.c`` 及相关结构。
|
| /linux/Documentation/translations/zh_CN/security/secrets/ |
| coco.rst | 4 :Original: Documentation/security/secrets/coco.rst 62 # ls -la /sys/kernel/security/secrets/coco 71 # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910 77 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910 79 # ls -la /sys/kernel/security/secrets/coco
|
| /linux/drivers/gpu/drm/i915/gt/ |
| gen6_engine_cs.c | 233 u32 security; in gen6_emit_bb_start() local 236 security = MI_BATCH_NON_SECURE_I965; in gen6_emit_bb_start() 238 security = 0; in gen6_emit_bb_start() 244 cs = __gen6_emit_bb_start(cs, offset, security); in gen6_emit_bb_start() 255 u32 security; in hsw_emit_bb_start() local 258 security = MI_BATCH_PPGTT_HSW | MI_BATCH_NON_SECURE_HSW; in hsw_emit_bb_start() 260 security = 0; in hsw_emit_bb_start() 266 cs = __gen6_emit_bb_start(cs, offset, security); in hsw_emit_bb_start()
|
| /linux/Documentation/translations/zh_TW/admin-guide/ |
| security-bugs.rst | 5 :Original: :doc:`../../../process/security-bugs` 21 可以通過電子郵件<security@kernel.org>聯繫Linux內核安全團隊。這是一個安全人員 64 <http://oss-security.openwall.org/wiki/mailing-lists/distros#how-to-use-the-lists>。
|
| /linux/fs/9p/ |
| Kconfig | 40 implemented by security modules like SELinux. This option 41 enables an extended attribute handler for file security 44 If you are not using a security module that requires using 45 extended attributes for file security labels, say N.
|