~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/LSM/LoadPin.rst

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/LSM/LoadPin.rst (Version linux-6.11.5) and /Documentation/admin-guide/LSM/LoadPin.rst (Version linux-2.4.37.11)

  1 =======                                           
  2 LoadPin                                           
  3 =======                                           
  4                                                   
  5 LoadPin is a Linux Security Module that ensure    
  6 (modules, firmware, etc) all originate from th    
  7 the expectation that such a filesystem is back    
  8 such as dm-verity or CDROM. This allows system    
  9 and/or unchangeable filesystem to enforce modu    
 10 restrictions without needing to sign the files    
 11                                                   
 12 The LSM is selectable at build-time with ``CON    
 13 can be controlled at boot-time with the kernel    
 14 "``loadpin.enforce``". By default, it is enabl    
 15 boot ("``loadpin.enforce=0``").                   
 16                                                   
 17 LoadPin starts pinning when it sees the first     
 18 block device backing the filesystem is not rea    
 19 created to toggle pinning: ``/proc/sys/kernel/    
 20 a mutable filesystem means pinning is mutable     
 21 sysctl allows for easy testing on systems with    
 22                                                   
 23 It's also possible to exclude specific file ty    
 24 command line option "``loadpin.exclude``". By     
 25 included, but they can be excluded using kerne    
 26 as "``loadpin.exclude=kernel-module,kexec-imag    
 27 different mechanisms such as ``CONFIG_MODULE_S    
 28 ``CONFIG_KEXEC_VERIFY_SIG`` to verify kernel m    
 29 still use LoadPin to protect the integrity of     
 30 full list of valid file types can be found in     
 31 defined in ``include/linux/kernel_read_file.h`
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php