linux/Documentation/admin-guide/LSM
Ke Wu 0ff9848067 security/loadpin: Allow to exclude specific file types
Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to
make sure loaded kernel module and kernel image are trusted. This
patch adds a kernel command line option "loadpin.exclude" which
allows to exclude specific file types from LoadPin. This is useful
when people want to use different mechanisms to verify module and
kernel image while still use LoadPin to protect the integrity of
other files kernel loads.

Signed-off-by: Ke Wu <mikewu@google.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
[kees: fix array size issue reported by Coverity via Colin Ian King]
Signed-off-by: Kees Cook <keescook@chromium.org>
2019-05-31 13:57:40 -07:00
..
apparmor.rst apparmor: update git and wiki locations in AppArmor docs 2018-06-07 01:50:47 -07:00
index.rst LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
LoadPin.rst security/loadpin: Allow to exclude specific file types 2019-05-31 13:57:40 -07:00
SafeSetID.rst LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
SELinux.rst Documentation: Update SELinux reference policy URL 2018-11-19 12:40:48 -05:00
Smack.rst Smack: Improve Documentation 2018-12-13 13:31:01 -08:00
tomoyo.rst tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst 2017-07-25 11:00:26 +10:00
Yama.rst yama: clarify ptrace_scope=2 in Yama documentation 2018-10-07 09:16:38 -06:00