blaster4385/linux-IllusionX/Documentation/admin-guide/LSM, branch v6.13

Docs: Update LSM/apparmor.rst

2024-11-27T03:21:06Z

After the deprecation of CONFIG_DEFAULT_SECURITY, it is no longer used to enable and configure AppArmor. Since kernel 5.0, `CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE` is not used either. Instead, the CONFIG_LSM parameter manages the order and selection of LSMs. Signed-off-by: Siddharth Menon Signed-off-by: John Johansen

ipe: allow secondary and platform keyrings to install/update policies

2024-10-17T18:46:10Z

The current policy management makes it impossible to use IPE in a general purpose distribution. In such cases the users are not building the kernel, the distribution is, and access to the private key included in the trusted keyring is, for obvious reason, not available. This means that users have no way to enable IPE, since there will be no built-in generic policy, and no access to the key to sign updates validated by the trusted keyring. Just as we do for dm-verity, kernel modules and more, allow the secondary and platform keyrings to also validate policies. This allows users enrolling their own keys in UEFI db or MOK to also sign policies, and enroll them. This makes it sensible to enable IPE in general purpose distributions, as it becomes usable by any user wishing to do so. Keys in these keyrings can already load kernels and kernel modules, so there is no security downgrade. Add a kconfig each, like dm-verity does, but default to enabled if the dependencies are available. Signed-off-by: Luca Boccassi Reviewed-by: Serge Hallyn [FW: fixed some style issues] Signed-off-by: Fan Wu

ipe: also reject policy updates with the same version

2024-10-17T18:38:15Z

Currently IPE accepts an update that has the same version as the policy being updated, but it doesn't make it a no-op nor it checks that the old and new policyes are the same. So it is possible to change the content of a policy, without changing its version. This is very confusing from userspace when managing policies. Instead change the update logic to reject updates that have the same version with ESTALE, as that is much clearer and intuitive behaviour. Signed-off-by: Luca Boccassi Reviewed-by: Serge Hallyn Signed-off-by: Fan Wu

documentation: add IPE documentation

2024-08-20T18:03:47Z

Add IPE's admin and developer documentation to the kernel tree. Co-developed-by: Fan Wu Signed-off-by: Deven Bowers Signed-off-by: Fan Wu Signed-off-by: Paul Moore

tomoyo: update project links

2024-06-03T13:43:11Z

TOMOYO project has moved to SourceForge.net . Signed-off-by: Tetsuo Handa

security/loadpin: Update the changing interface in the source code.

2021-03-15T19:32:32Z

Loadpin cmdline interface "enabled" has been renamed to "enforce" for a long time, but the User Description Document was not updated. (Meaning unchanged) And kernel_read_file* were moved from linux/fs.h to its own linux/kernel_read_file.h include file. So update that change here. Signed-off-by: Jiele zhao Link: https://lore.kernel.org/r/20210308020358.102836-1-unclexiaole@gmail.com Signed-off-by: Jonathan Corbet

docs: SafeSetID: fix a warning

2020-10-28T17:42:02Z

As reported by Sphinx 2.4.4: docs/Documentation/admin-guide/LSM/SafeSetID.rst:110: WARNING: Title underline too short. Note on GID policies and setgroups() ================== Signed-off-by: Mauro Carvalho Chehab Link: https://lore.kernel.org/r/4afa281c170daabd1ce522653d5d5d5078ebd92c.1603791716.git.mchehab+huawei@kernel.org Signed-off-by: Jonathan Corbet

LSM: SafeSetID: Add GID security policy handling

2020-10-13T16:17:35Z

The SafeSetID LSM has functionality for restricting setuid() calls based on its configured security policies. This patch adds the analogous functionality for setgid() calls. This is mostly a copy-and-paste change with some code deduplication, plus slight modifications/name changes to the policy-rule-related structs (now contain GID rules in addition to the UID ones) and some type generalization since SafeSetID now needs to deal with kgid_t and kuid_t types. Signed-off-by: Thomas Cedeno Signed-off-by: Micah Morton

doc: yama: Swap HTTP for HTTPS and replace dead link

2020-07-13T15:40:42Z

Replace one dead link for the same person's original presentation on the topic and swap an HTTP URL with HTTPS. While here, linkify the text to make it more readable when rendered. Link: https://lore.kernel.org/lkml/20200708073346.13177-1-grandmaster@al2klimov.de/ Co-developed-by: Alexander A. Klimov Signed-off-by: Alexander A. Klimov Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/202007091141.C008B89EC@keescook Signed-off-by: Jonathan Corbet

Replace HTTP links with HTTPS ones: documentation

2020-06-08T15:30:19Z

Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov Link: https://lore.kernel.org/r/20200526060544.25127-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet