Searched +full:kernel +full:- +full:policy (Results 1 – 25 of 537) sorted by relevance

/linux/tools/perf/Documentation/
security.txt
6 https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
13 Targeted policy with perf_event_open() access control capabilities:
15 1. Download selinux-policy SRPM package (e.g. selinux-policy-3.14.4-48.fc31.src.rpm on FC31)
18 # rpm -Uhv selinux-policy-3.14.4-48.fc31.src.rpm
22 # rpmbuild -bp selinux-policy.spec
24 3. Place patch below at rpmbuild/BUILD/selinux-policy-b86eaaf4dbcf2d51dd4432df7185c0eaf3cbcc02
27 # patch -p1 < selinux-policy-perf-events-perfmon.patch
28 patching file policy/flask/access_vectors
29 patching file policy/flask/security_classes
30 # cat selinux-policy-perf-events-perfmon.patch
/linux/security/apparmor/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
14 http://apparmor.wiki.kernel.org
43 Set the default value of the apparmor.debug kernel parameter.
45 the kernel message buffer.
48 bool "Allow loaded policy to be introspected"
52 This option selects whether introspection of loaded policy
54 adds to kernel memory usage. It is required for introspection
55 of loaded policy, and check point and restore support. It
65 This option selects whether introspection of loaded policy
68 checking loaded policy. This option adds to policy load
/linux/security/integrity/ima/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
42 running kernel must be saved and restored on boot.
44 Depending on the IMA policy, the measurement list can grow to
61 Disabling this option will disregard LSM based policy rules.
71 limited to 255 characters. The 'ima-ng' measurement list
77 bool "ima-ng (default)"
79 bool "ima-si
ima_main.c
1 // SPDX-License-Identifier: GPL-2.0-only
74 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { in hash_setup()
114 mapping_writably_mapped(file->f_mapping)) { in mmap_violation_check()
115 rc = -ETXTBSY; in mmap_violation_check()
118 if (!*pathbuf) /* ima_rdwr_violation possibly pre-fetched */ in mmap_violation_check()
119 *pathname = ima_d_path(&file->f_path, pathbuf, in mmap_violation_check()
131 * - Openin
/linux/security/tomoyo/
Kconfig
1 # SPDX-License-Identifier: GPL-2.0-only
11 This selects TOMOYO Linux, pathname-based access control.
23 that are automatically appended into policy at "learning mode".
36 audit logs that the kernel can hold on memory.
37 You can read the log via /sys/kernel/security/tomoyo/audit.
41 bool "Activate without calling userspace policy loader."
45 Say Y here if you want to activate access control as soon as built-in
46 policy was loaded. This option will be useful for systems where
48 needed before loading the policy. For example, you can activate
49 immediately after loading the fixed part of policy which will allow
load_policy.c
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
13 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
18 * tomoyo_loader_setup - Set policy loader.
20 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
33 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
35 * Returns true if /sbin/tomoyo-init exists, false otherwise.
58 * tomoyo_trigger_setup - Set trigger for activation.
73 * tomoyo_load_policy - Run external policy loader to load policy.
78 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
/linux/Documentation/admin-guide/LSM/
ipe.rst
1 .. SPDX-License-Identifier: GPL-2.0
3 Integrity Policy Enforcement (IPE)
9 attempting to use IPE. If you're looking for more developer-focused
13 --------
15 Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
17 mechanisms that rely on labels and paths for decision-making, IPE focuses
34 a file's origin, such as dm-verity or fs-verity, which provide a layer of
36 that trust files from a dm-verity protected device. dm-verity ensures the
38 of its contents. Similarly, fs-verity offers filesystem-level integrity
40 fs-verity. These two features cannot be turned off once established, so
SELinux.rst
5 Information about the SELinux kernel subsystem can be found at the
8 https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/tree/README.md
10 https://github.com/selinuxproject/selinux-kernel/wiki
17 to use the distro-provided policies, or install the
18 latest reference policy release from
22 However, if you want to install a dummy policy for
25 userspace to be installed - in particular you will
26 need checkpolicy to compile a kernel, and setfiles and
29 1. Compile the kernel with selinux enabled.
32 SELinux enabled and a real policy. If
/linux/tools/testing/selftests/kexec/
test_kexec_file_load.sh
2 # SPDX-License-Identifier: GPL-2.0
4 # Loading a kernel image via the kexec_file_load syscall can verify either
6 # both signatures depending on the IMA policy, or none.
8 # To determine whether the kernel image is signed, this test depends
9 # on pesign and getfattr. This test also requires the kernel to be
11 # enabled or access to the extract-ikconfig script.
16 trap "{ rm -f $IKCONFIG ; }" EXIT
18 # Some of the IMA builtin policies may require the kexec kernel image to
19 # be signed, but these policy rules may be replaced with a custom
20 # policy. Only CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS persists after
/linux/Documentation/trace/
stm.rst
1 .. SPDX-License-Identifier: GPL-2.0
26 To solve this mapping problem, stm class provides a policy management
28 identifiers to ranges of masters and channels. If these rules (policy)
32 This policy is a tree structure containing rules (policy_node) that
34 associated with it, located in "stp-policy" subsystem directory in
35 configfs. The topmost directory's name (the policy) is formatted as
36 the STM device name to which this policy applies and an arbitrary
40 $ ls /config/stp-policy/dummy_stm.my-policy/user
42 $ cat /config/stp-policy/dummy_stm.my-policy/user/masters
44 $ cat /config/stp-policy/dummy_stm.my-policy/user/channels
/linux/Documentation/admin-guide/mm/
transhuge.rst
26 requiring larger clear-page copy-page in page faults which is a
29 reducing the enter/exit kernel frequency by a 512 times factor). This
48 Modern kernels support "multi-size THP" (mTHP), which introduces the
50 but smaller than traditional PMD-size (as described above), in
51 increments of a power-of-2 number of pages. mTHP can back anonymous
53 PTE-mapped, but in many cases can still provide similar benefits to
56 prominent because the size of each page isn't as huge as the PMD-sized
66 collapses sequences of basic pages into PMD-sized huge pages.
91 possible to disable hugepages system-wide and to only have them inside
108 -------------------
/linux/Documentation/cpu-freq/
core.rst
1 .. SPDX-License-Identifier: GPL-2.0
8 - Dominik Brodowski <linux@brodo.de>
9 - David Kimdon <dwhedon@debian.org>
10 - Rafael J. Wysocki <rafael.j.wysocki@intel.com>
11 - Viresh Kumar <viresh.kumar@linaro.org>
26 drivers or other part of the kernel that need to be informed of
27 policy changes (ex. thermal modules like ACPI) or of all
30 kernel "constant" loops_per_jiffy is updated on frequency changes
37 policy doesn't get freed while being used.
42 CPUFreq notifiers conform to the standard kernel notifier interface.
/linux/drivers/macintosh/
windfarm_cpufreq_clamp.c
1 // SPDX-License-Identifier: GPL-2.0-only
4 #include <linux/kernel.h>
65 struct cpufreq_policy *policy; in wf_cpufreq_clamp_init() local
70 policy = cpufreq_cpu_get(0); in wf_cpufreq_clamp_init()
71 if (!policy) { in wf_cpufreq_clamp_init()
72 pr_warn("%s: cpufreq policy not found cpu0\n", __func__); in wf_cpufreq_clamp_init()
73 return -EPROBE_DEFER; in wf_cpufreq_clamp_init()
76 min_freq = policy->cpuinfo.min_freq; in wf_cpufreq_clamp_init()
77 max_freq = policy->cpuinfo.max_freq; in wf_cpufreq_clamp_init()
79 ret = freq_qos_add_request(&policy->constraints, &qos_req, FREQ_QOS_MAX, in wf_cpufreq_clamp_init()
/linux/kernel/sched/
syscalls.c
1 // SPDX-License-Identifier: GPL-2.0-only
3 * kernel/sched/syscalls.c
5 * Core kernel scheduler syscalls related code
7 * Copyright (C) 1991-2002 Linus Torvalds
8 * Copyright (C) 1998-2024 Ingo Molnar, Red Hat
19 static inline int __normal_prio(int policy, int rt_prio, int nice) in __normal_prio() argument
23 if (dl_policy(policy)) in __normal_prio()
24 prio = MAX_DL_PRIO - 1; in __normal_prio()
25 else if (rt_policy(policy)) in __normal_prio()
26 prio = MAX_RT_PRIO - 1 - rt_prio; in __normal_prio()
/linux/Documentation/arch/x86/
intel_txt.rst
6 Technology (Intel(R) TXT), defines platform-level enhancements that
13 - Provides dynamic root of trust for measurement (DRTM)
14 - Data protection in case of improper shutdown
15 - Measurement and verification of launched environment
18 non-vPro systems. It is currently available on desktop systems
30 - LinuxTAG 2008:
31 http://www.linuxtag.org/2008/en/conf/events/vp-donnerstag.html
33 - TRUST2008:
34 http://www.trust-conference.eu/downloads/Keynote-Speakers/
35 3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
/linux/rust/kernel/
cpufreq.rs
1 // SPDX-License-Identifier: GPL-2.0
9 //! Reference: <https://docs.kernel.org/admin-guide/pm/cpufreq.html>
54 /// Supports multiple clock domains with per-policy governors in `cpu/cpuN/cpufreq/`.
57 /// Allows post-change notifications outside of the `target()` routine.
60 /// Ensure CPU starts at a valid frequency from the driver's freq-table.
89 // Construct from a C-compatible `u32` value.
90 fn new(val: u32) -> Result<Self> { in new()
103 // Convert to a C-compatible `u32` value.
104 fn from(rel: Relation) -> Self { in from()
119 /// Policy data.
/linux/tools/power/cpupower/man/
cpupower-set.1
1 .TH CPUPOWER\-SET "1" "22/02/2011" "" "cpupower Manual"
3 cpupower\-set \- Set processor power related kernel or hardware configurations
6 .B cpupower set [ \-b VAL | \-e POLICY | \-m MODE | \-t BOOL ]
10 \fBcpupower set \fP sets kernel configurations or directly accesses hardware
15 described in the cpupower(1) manpage in the \-\-cpu option section. Whether an
24 \-\-perf-bias, \-b
27 its policy for the relative importance of performance versus energy savings to
30 The range of valid numbers is 0-15, where 0 is maximum
33 The processor uses this information in model-specific ways
34 when it must select trade-offs between performance and
/linux/security/ipe/
hooks.c
1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
19 * ipe_bprm_check_security() - ipe security hook function for bprm check.
27 * * %0 - Success
28 * * %-EACCES - Did not pass IPE policy
34 ipe_build_eval_ctx(&ctx, bprm->file, IPE_OP_EXEC, IPE_HOOK_BPRM_CHECK); in ipe_bprm_check_security()
39 * ipe_bprm_creds_for_exec() - ipe security hook function for bprm creds check.
43 * This LSM hook is called when userspace signals the kernel to check a file
45 * The hook triggers IPE policy evaluation on the script file and returns
46 * the policy decision to userspace. The userspace program receives the
/linux/Documentation/netlink/specs/
nlctrl.yaml
1 # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
2 ---
4 protocol: genetlink-legacy
5 uapi-header: linux/genetlink.h
8 genetlink meta-family that exposes information about all genetlink
9 families registered in the kernel (including itself).
12 -
13 name: op-flags
15 enum-name:
17 - admin-perm
/linux/tools/net/ynl/lib/
ynl.c
1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
21 snprintf(_yse->msg, sizeof(_yse->msg) - 1, _msg); \
22 _yse->msg[sizeof(_yse->ms
49 ynl_err_walk_is_sel(const struct ynl_policy_nest * policy,const struct nlattr * attr) ynl_err_walk_is_sel() argument
62 const struct ynl_policy_nest *policy = policy_attr->nest; ynl_err_walk_sel_policy() local
79 ynl_err_walk_report_one(const struct ynl_policy_nest * policy,const struct nlattr * selector,unsigned int type,char * str,int str_sz,int * n) ynl_err_walk_report_one() argument
134 ynl_err_walk(struct ynl_sock * ys,void * start,void * end,unsigned int off,const struct ynl_policy_nest * policy,char * str,int str_sz,const struct ynl_policy_nest ** nest_pol) ynl_err_walk() argument
365 const struct ynl_policy_attr *policy; ynl_attr_validate() local
/linux/Documentation/userspace-api/netlink/
genetlink-legacy.rst
1 .. SPDX-License-Identifier: BSD-3-Clause
9 the ``genetlink-legacy`` protocol level.
15 -------
29 --------------------
31 New Netlink families should use ``multi-attr`` to define arrays.
35 For reference the ``multi-attr`` array may look like this::
37 [ARRAY-ATTR]
41 [SOME-OTHER-ATTR]
42 [ARRAY-ATTR]
47 where ``ARRAY-ATTR`` is the array entry type.
/linux/tools/power/x86/x86_energy_perf_policy/
x86_energy_perf_policy.8
1 .\" This page Copyright (C) 2010 - 2015 Len Brown <len.brown@intel.com>
5 x86_energy_perf_policy \- Manage Energy vs. Performance Policy
10 .RB "scope: \-\-cpu\ cpu-list | \-\-pkg\ pkg-list"
12 .RB "cpu-list, pkg-list: # | #,# | #-# | all"
14 .RB "field: \-\-all | \-\-epb | \-\-hwp-epp | \-\-hwp-min | \-\-hwp-max | \-\-hwp-desired"
16 .RB "other: (\-\-force | \-\-hwp-enable | \-\-turbo-enable) value)"
18 .RB "soc-slider: --soc-slider-balance # | --soc-slider-offset # | --platform-profile <name>"
20 .RB "value: # | default | performance | balance-performance | balance-power | power"
23 displays and updates energy-performance policy settings specific to
27 While \fBx86_energy_perf_policy\fP can manage energy-performance policy
/linux/tools/testing/selftests/net/netfilter/
nft_queue.sh
24 rm -f "$TMPINPUT"
25 rm -f "$TMPFILE0"
26 rm -f "$TMPFILE1"
27 rm -f "$TMPFILE2" "$TMPFILE3"
30 checktool "nft --version" "test without nft tool"
31 checktool "socat -h" "run test without socat"
33 modprobe -q sctp
50 echo "SKIP: No virtual ethernet pair device support in kernel"
56 ip -net "$nsrouter" link set veth0 up
57 ip -net "$nsrouter" addr add 10.0.1.1/24 dev veth0
/linux/tools/testing/selftests/net/
srv6_end_flavors_test.sh
2 # SPDX-License-Identifier: GPL-2.0
13 # - Penultimate Segment Pop (PSP);
14 # - Ultimate Segment Pop (USP);
15 # - Ultimate Segment Decapsulation (USD).
21 # flavors will be supported in the kernel.
24 # listed in the SRv6 policy to remove (i.e. pop) the outermost SRH from the IPv6
27 # - decrementing the Segment Left (SL) value from 1 to 0;
28 # - copyin
/linux/security/selinux/ss/
services.c
1 // SPDX-License-Identifier: GPL-2.0-only
15 * Added conditional policy language extensions
17 * Updated: Hewlett-Packard <paul@paul-moore.com>
20 * Added support for the policy capability bitmap
24 * Added validation of kernel classes and permissions
32 * Added support for runtime switching of the policy type
35 * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
36 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
37 * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
40 #include <linux/kernel.h>