Create Documentation/security/,
move LSM-, credentials-, and keys-related files from Documentation/ to Documentation/security/, add Documentation/security/00-INDEX, and update all occurrences of Documentation/<moved_file> to Documentation/security/<moved_file>.
This commit is contained in:
Randy Dunlap
parent
61c4f2c81c
commit
d410fa4ef9
|
|
@ -192,10 +192,6 @@ kernel-docs.txt
|
||||||
- listing of various WWW + books that document kernel internals.
|
- listing of various WWW + books that document kernel internals.
|
||||||
kernel-parameters.txt
|
kernel-parameters.txt
|
||||||
- summary listing of command line / boot prompt args for the kernel.
|
- summary listing of command line / boot prompt args for the kernel.
|
||||||
keys-request-key.txt
|
|
||||||
- description of the kernel key request service.
|
|
||||||
keys.txt
|
|
||||||
- description of the kernel key retention service.
|
|
||||||
kobject.txt
|
kobject.txt
|
||||||
- info of the kobject infrastructure of the Linux kernel.
|
- info of the kobject infrastructure of the Linux kernel.
|
||||||
kprobes.txt
|
kprobes.txt
|
||||||
|
|
@ -294,6 +290,8 @@ scheduler/
|
||||||
- directory with info on the scheduler.
|
- directory with info on the scheduler.
|
||||||
scsi/
|
scsi/
|
||||||
- directory with info on Linux scsi support.
|
- directory with info on Linux scsi support.
|
||||||
|
security/
|
||||||
|
- directory that contains security-related info
|
||||||
serial/
|
serial/
|
||||||
- directory with info on the low level serial API.
|
- directory with info on the low level serial API.
|
||||||
serial-console.txt
|
serial-console.txt
|
||||||
|
|
|
||||||
|
|
@ -47,8 +47,8 @@ request-key will find the first matching line and corresponding program. In
|
||||||
this case, /some/other/program will handle all uid lookups and
|
this case, /some/other/program will handle all uid lookups and
|
||||||
/usr/sbin/nfs.idmap will handle gid, user, and group lookups.
|
/usr/sbin/nfs.idmap will handle gid, user, and group lookups.
|
||||||
|
|
||||||
See <file:Documentation/keys-request-keys.txt> for more information about the
|
See <file:Documentation/security/keys-request-keys.txt> for more information
|
||||||
request-key function.
|
about the request-key function.
|
||||||
|
|
||||||
|
|
||||||
=========
|
=========
|
||||||
|
|
|
||||||
|
|
@ -139,8 +139,8 @@ the key will be discarded and recreated when the data it holds has expired.
|
||||||
dns_query() returns a copy of the value attached to the key, or an error if
|
dns_query() returns a copy of the value attached to the key, or an error if
|
||||||
that is indicated instead.
|
that is indicated instead.
|
||||||
|
|
||||||
See <file:Documentation/keys-request-key.txt> for further information about
|
See <file:Documentation/security/keys-request-key.txt> for further
|
||||||
request-key function.
|
information about request-key function.
|
||||||
|
|
||||||
|
|
||||||
=========
|
=========
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,18 @@
|
||||||
|
00-INDEX
|
||||||
|
- this file.
|
||||||
|
SELinux.txt
|
||||||
|
- how to get started with the SELinux security enhancement.
|
||||||
|
Smack.txt
|
||||||
|
- documentation on the Smack Linux Security Module.
|
||||||
|
apparmor.txt
|
||||||
|
- documentation on the AppArmor security extension.
|
||||||
|
credentials.txt
|
||||||
|
- documentation about credentials in Linux.
|
||||||
|
keys-request-key.txt
|
||||||
|
- description of the kernel key request service.
|
||||||
|
keys-trusted-encrypted.txt
|
||||||
|
- info on the Trusted and Encrypted keys in the kernel key ring service.
|
||||||
|
keys.txt
|
||||||
|
- description of the kernel key retention service.
|
||||||
|
tomoyo.txt
|
||||||
|
- documentation on the TOMOYO Linux Security Module.
|
||||||
|
|
@ -216,7 +216,7 @@ The Linux kernel supports the following types of credentials:
|
||||||
When a process accesses a key, if not already present, it will normally be
|
When a process accesses a key, if not already present, it will normally be
|
||||||
cached on one of these keyrings for future accesses to find.
|
cached on one of these keyrings for future accesses to find.
|
||||||
|
|
||||||
For more information on using keys, see Documentation/keys.txt.
|
For more information on using keys, see Documentation/security/keys.txt.
|
||||||
|
|
||||||
(5) LSM
|
(5) LSM
|
||||||
|
|
||||||
|
|
@ -3,8 +3,8 @@
|
||||||
===================
|
===================
|
||||||
|
|
||||||
The key request service is part of the key retention service (refer to
|
The key request service is part of the key retention service (refer to
|
||||||
Documentation/keys.txt). This document explains more fully how the requesting
|
Documentation/security/keys.txt). This document explains more fully how
|
||||||
algorithm works.
|
the requesting algorithm works.
|
||||||
|
|
||||||
The process starts by either the kernel requesting a service by calling
|
The process starts by either the kernel requesting a service by calling
|
||||||
request_key*():
|
request_key*():
|
||||||
|
|
@ -434,7 +434,7 @@ The main syscalls are:
|
||||||
/sbin/request-key will be invoked in an attempt to obtain a key. The
|
/sbin/request-key will be invoked in an attempt to obtain a key. The
|
||||||
callout_info string will be passed as an argument to the program.
|
callout_info string will be passed as an argument to the program.
|
||||||
|
|
||||||
See also Documentation/keys-request-key.txt.
|
See also Documentation/security/keys-request-key.txt.
|
||||||
|
|
||||||
|
|
||||||
The keyctl syscall functions are:
|
The keyctl syscall functions are:
|
||||||
|
|
@ -864,7 +864,7 @@ payload contents" for more information.
|
||||||
If successful, the key will have been attached to the default keyring for
|
If successful, the key will have been attached to the default keyring for
|
||||||
implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING.
|
implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING.
|
||||||
|
|
||||||
See also Documentation/keys-request-key.txt.
|
See also Documentation/security/keys-request-key.txt.
|
||||||
|
|
||||||
|
|
||||||
(*) To search for a key, passing auxiliary data to the upcaller, call:
|
(*) To search for a key, passing auxiliary data to the upcaller, call:
|
||||||
|
|
@ -3705,7 +3705,7 @@ KEYS/KEYRINGS:
|
||||||
M: David Howells <dhowells@redhat.com>
|
M: David Howells <dhowells@redhat.com>
|
||||||
L: keyrings@linux-nfs.org
|
L: keyrings@linux-nfs.org
|
||||||
S: Maintained
|
S: Maintained
|
||||||
F: Documentation/keys.txt
|
F: Documentation/security/keys.txt
|
||||||
F: include/linux/key.h
|
F: include/linux/key.h
|
||||||
F: include/linux/key-type.h
|
F: include/linux/key-type.h
|
||||||
F: include/keys/
|
F: include/keys/
|
||||||
|
|
@ -3717,7 +3717,7 @@ M: Mimi Zohar <zohar@us.ibm.com>
|
||||||
L: linux-security-module@vger.kernel.org
|
L: linux-security-module@vger.kernel.org
|
||||||
L: keyrings@linux-nfs.org
|
L: keyrings@linux-nfs.org
|
||||||
S: Supported
|
S: Supported
|
||||||
F: Documentation/keys-trusted-encrypted.txt
|
F: Documentation/security/keys-trusted-encrypted.txt
|
||||||
F: include/keys/trusted-type.h
|
F: include/keys/trusted-type.h
|
||||||
F: security/keys/trusted.c
|
F: security/keys/trusted.c
|
||||||
F: security/keys/trusted.h
|
F: security/keys/trusted.h
|
||||||
|
|
@ -3728,7 +3728,7 @@ M: David Safford <safford@watson.ibm.com>
|
||||||
L: linux-security-module@vger.kernel.org
|
L: linux-security-module@vger.kernel.org
|
||||||
L: keyrings@linux-nfs.org
|
L: keyrings@linux-nfs.org
|
||||||
S: Supported
|
S: Supported
|
||||||
F: Documentation/keys-trusted-encrypted.txt
|
F: Documentation/security/keys-trusted-encrypted.txt
|
||||||
F: include/keys/encrypted-type.h
|
F: include/keys/encrypted-type.h
|
||||||
F: security/keys/encrypted.c
|
F: security/keys/encrypted.c
|
||||||
F: security/keys/encrypted.h
|
F: security/keys/encrypted.h
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
/* Credentials management - see Documentation/credentials.txt
|
/* Credentials management - see Documentation/security/credentials.txt
|
||||||
*
|
*
|
||||||
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
|
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
|
||||||
* Written by David Howells (dhowells@redhat.com)
|
* Written by David Howells (dhowells@redhat.com)
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@
|
||||||
* 2 of the License, or (at your option) any later version.
|
* 2 of the License, or (at your option) any later version.
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* See Documentation/keys.txt for information on keys/keyrings.
|
* See Documentation/security/keys.txt for information on keys/keyrings.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _LINUX_KEY_H
|
#ifndef _LINUX_KEY_H
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
/* Task credentials management - see Documentation/credentials.txt
|
/* Task credentials management - see Documentation/security/credentials.txt
|
||||||
*
|
*
|
||||||
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
|
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
|
||||||
* Written by David Howells (dhowells@redhat.com)
|
* Written by David Howells (dhowells@redhat.com)
|
||||||
|
|
|
||||||
|
|
@ -1,2 +1,2 @@
|
||||||
Please see Documentation/SELinux.txt for information on
|
Please see Documentation/security/SELinux.txt for information on
|
||||||
installing a dummy SELinux policy.
|
installing a dummy SELinux policy.
|
||||||
|
|
|
||||||
|
|
@ -194,7 +194,7 @@ void aa_dfa_free_kref(struct kref *kref)
|
||||||
* @flags: flags controlling what type of accept tables are acceptable
|
* @flags: flags controlling what type of accept tables are acceptable
|
||||||
*
|
*
|
||||||
* Unpack a dfa that has been serialized. To find information on the dfa
|
* Unpack a dfa that has been serialized. To find information on the dfa
|
||||||
* format look in Documentation/apparmor.txt
|
* format look in Documentation/security/apparmor.txt
|
||||||
* Assumes the dfa @blob stream has been aligned on a 8 byte boundary
|
* Assumes the dfa @blob stream has been aligned on a 8 byte boundary
|
||||||
*
|
*
|
||||||
* Returns: an unpacked dfa ready for matching or ERR_PTR on failure
|
* Returns: an unpacked dfa ready for matching or ERR_PTR on failure
|
||||||
|
|
|
||||||
|
|
@ -12,8 +12,8 @@
|
||||||
* published by the Free Software Foundation, version 2 of the
|
* published by the Free Software Foundation, version 2 of the
|
||||||
* License.
|
* License.
|
||||||
*
|
*
|
||||||
* AppArmor uses a serialized binary format for loading policy.
|
* AppArmor uses a serialized binary format for loading policy. To find
|
||||||
* To find policy format documentation look in Documentation/apparmor.txt
|
* policy format documentation look in Documentation/security/apparmor.txt
|
||||||
* All policy is validated before it is used.
|
* All policy is validated before it is used.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
* the Free Software Foundation, version 2 of the License.
|
* the Free Software Foundation, version 2 of the License.
|
||||||
*
|
*
|
||||||
* See Documentation/keys-trusted-encrypted.txt
|
* See Documentation/security/keys-trusted-encrypted.txt
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <linux/uaccess.h>
|
#include <linux/uaccess.h>
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
* as published by the Free Software Foundation; either version
|
* as published by the Free Software Foundation; either version
|
||||||
* 2 of the License, or (at your option) any later version.
|
* 2 of the License, or (at your option) any later version.
|
||||||
*
|
*
|
||||||
* See Documentation/keys-request-key.txt
|
* See Documentation/security/keys-request-key.txt
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <linux/module.h>
|
#include <linux/module.h>
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
* as published by the Free Software Foundation; either version
|
* as published by the Free Software Foundation; either version
|
||||||
* 2 of the License, or (at your option) any later version.
|
* 2 of the License, or (at your option) any later version.
|
||||||
*
|
*
|
||||||
* See Documentation/keys-request-key.txt
|
* See Documentation/security/keys-request-key.txt
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <linux/module.h>
|
#include <linux/module.h>
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
* the Free Software Foundation, version 2 of the License.
|
* the Free Software Foundation, version 2 of the License.
|
||||||
*
|
*
|
||||||
* See Documentation/keys-trusted-encrypted.txt
|
* See Documentation/security/keys-trusted-encrypted.txt
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <linux/uaccess.h>
|
#include <linux/uaccess.h>
|
||||||
|
|
|
||||||
Reference in New Issue