Re: [PATCH 09/17] doc: ReSTify apparmor.txt
On 05/13/2017 04:51 AM, Kees Cook wrote: > Adjusts for ReST markup and moves under LSM admin guide. > > Cc: John Johansen > Signed-off-by: Kees Cook Acked-by: John Johansen > --- > .../apparmor.txt => admin-guide/LSM/apparmor.rst} | 36 > ++ > Documentation/admin-guide/LSM/index.rst| 1 + > Documentation/security/00-INDEX| 2 -- > MAINTAINERS| 1 + > security/apparmor/match.c | 2 +- > security/apparmor/policy_unpack.c | 2 +- > 6 files changed, 28 insertions(+), 16 deletions(-) > rename Documentation/{security/apparmor.txt => admin-guide/LSM/apparmor.rst} > (65%) > > diff --git a/Documentation/security/apparmor.txt > b/Documentation/admin-guide/LSM/apparmor.rst > similarity index 65% > rename from Documentation/security/apparmor.txt > rename to Documentation/admin-guide/LSM/apparmor.rst > index 93c1fd7d0635..3e9734bd0e05 100644 > --- a/Documentation/security/apparmor.txt > +++ b/Documentation/admin-guide/LSM/apparmor.rst > @@ -1,4 +1,9 @@ > What is AppArmor? --- > + > +AppArmor > + > + > +What is AppArmor? > += > > AppArmor is MAC style security extension for the Linux kernel. It implements > a task centered policy, with task "profiles" being created and loaded 
> @@ -6,34 +11,41 @@ from user space. Tasks on the system that do not have a > profile defined for > them run in an unconfined state which is equivalent to standard Linux DAC > permissions. > > How to enable/disable --- > +How to enable/disable > += > + > +set ``CONFIG_SECURITY_APPARMOR=y`` > > -set CONFIG_SECURITY_APPARMOR=y > +If AppArmor should be selected as the default security module then set:: > > -If AppArmor should be selected as the default security module then > - set CONFIG_DEFAULT_SECURITY="apparmor" > - and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 > + CONFIG_DEFAULT_SECURITY="apparmor" > + CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 > > Build the kernel > > If AppArmor is not the default security module it can be enabled by passing > -security=apparmor on the kernel's command line. > +``security=apparmor`` on the kernel's command line. > > If AppArmor is the default security module it can be disabled by passing > -apparmor=0, security= (where XXX is valid security module), on the > -kernel's command line > +``apparmor=0, security=`` (where ```` is valid security module), on > the > +kernel's command line. > > For AppArmor to enforce any restrictions beyond standard Linux DAC > permissions > policy must be loaded into the kernel from user space (see the Documentation > and tools links). > > Documentation --- > +Documentation > += > > -Documentation can be found on the wiki. > +Documentation can be found on the wiki, linked below. > > Links --- > +Links > += > > Mailing List - appar...@lists.ubuntu.com > + > Wiki - http://apparmor.wiki.kernel.org/ > + > User space tools - https://launchpad.net/apparmor > + > Kernel module - > git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git > diff --git a/Documentation/admin-guide/LSM/index.rst > b/Documentation/admin-guide/LSM/index.rst > index cc0e04d63bf9..a4db29410ea0 100644 > --- a/Documentation/admin-guide/LSM/index.rst > +++ b/Documentation/admin-guide/LSM/index.rst 
> @@ -33,4 +33,5 @@ the one "major" module (e.g. SELinux) if there is one > configured. > .. toctree:: > :maxdepth: 1 > > + apparmor > SELinux > diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX > index aaa0195418b3..22ebdc02f0dc 100644 > --- a/Documentation/security/00-INDEX > +++ b/Documentation/security/00-INDEX > @@ -4,8 +4,6 @@ Smack.txt > - documentation on the Smack Linux Security Module. > Yama.txt > - documentation on the Yama Linux Security Module. > -apparmor.txt > - - documentation on the AppArmor security extension. > keys-ecryptfs.txt > - description of the encryption keys for the ecryptfs filesystem. > keys-request-key.txt > diff --git a/MAINTAINERS b/MAINTAINERS > index c85108b4f6c7..184cdd32a67e 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -11560,6 +11560,7 @@ W:apparmor.wiki.kernel.org > T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git > S: Supported > F: security/apparmor/ > +F: Documentation/admin-guide/LSM/apparmor.rst > > LOADPIN SECURITY MODULE > M: Kees Cook > diff --git a/security/apparmor/match.c b/security/apparmor/match.c > index 960c913381e2..72c604350e80 100644 > --- a/security/apparmor/match.c > +++ b/security/apparmor/match.c > @@ -226,7 +226,7 @@ void aa_dfa_free_kref(struct kref *kref) > * @flags: flags controlling what type of accept tables are acceptable > * > * Unpack a dfa that has been serialized. To find information on the dfa > - * format look in
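Review bot: In the "How to enable/disable" hunk of apparmor.rst, the added literal ``apparmor=0, security=`` keeps the comma inside the double backticks, so it renders as if the comma were part of the kernel command line. Boot parameters are separated by spaces, and an admin who copies the literal verbatim passes a value with a trailing comma. Suggest one literal per parameter, joined by plain text. As shown here, the placeholder after security= and inside the following pair of backticks is also empty, while the removed line says "where XXX"; the added sentence should name the placeholder the same way so it still tells the reader what to substitute.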
[PATCH 09/17] doc: ReSTify apparmor.txt
Adjusts for ReST markup and moves under LSM admin guide. Cc: John Johansen Signed-off-by: Kees Cook --- .../apparmor.txt => admin-guide/LSM/apparmor.rst} | 36 ++ Documentation/admin-guide/LSM/index.rst| 1 + Documentation/security/00-INDEX| 2 -- MAINTAINERS| 1 + security/apparmor/match.c | 2 +- security/apparmor/policy_unpack.c | 2 +- 6 files changed, 28 insertions(+), 16 deletions(-) rename Documentation/{security/apparmor.txt => admin-guide/LSM/apparmor.rst} (65%) diff --git a/Documentation/security/apparmor.txt b/Documentation/admin-guide/LSM/apparmor.rst similarity index 65% rename from Documentation/security/apparmor.txt rename to Documentation/admin-guide/LSM/apparmor.rst index 93c1fd7d0635..3e9734bd0e05 100644 --- a/Documentation/security/apparmor.txt +++ b/Documentation/admin-guide/LSM/apparmor.rst @@ -1,4 +1,9 @@ What is AppArmor? --- + +AppArmor + + +What is AppArmor? += AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task "profiles" being created and loaded 
@@ -6,34 +11,41 @@ from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions. How to enable/disable --- +How to enable/disable += + +set ``CONFIG_SECURITY_APPARMOR=y`` -set CONFIG_SECURITY_APPARMOR=y +If AppArmor should be selected as the default security module then set:: -If AppArmor should be selected as the default security module then - set CONFIG_DEFAULT_SECURITY="apparmor" - and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 + CONFIG_DEFAULT_SECURITY="apparmor" + CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 Build the kernel If AppArmor is not the default security module it can be enabled by passing -security=apparmor on the kernel's command line. +``security=apparmor`` on the kernel's command line. If AppArmor is the default security module it can be disabled by passing -apparmor=0, security= (where XXX is valid security module), on the -kernel's command line +``apparmor=0, security=`` (where ```` is valid security module), on the +kernel's command line. For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be loaded into the kernel from user space (see the Documentation and tools links). Documentation --- +Documentation += -Documentation can be found on the wiki. +Documentation can be found on the wiki, linked below. Links --- +Links += Mailing List - appar...@lists.ubuntu.com + Wiki - http://apparmor.wiki.kernel.org/ + User space tools - https://launchpad.net/apparmor + Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst index cc0e04d63bf9..a4db29410ea0 100644 --- a/Documentation/admin-guide/LSM/index.rst +++ b/Documentation/admin-guide/LSM/index.rst @@ -33,4 +33,5 @@ the one "major" module (e.g. SELinux) if there is one configured. .. toctree:: :maxdepth: 1 + apparmor SELinux 
diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX index aaa0195418b3..22ebdc02f0dc 100644 --- a/Documentation/security/00-INDEX +++ b/Documentation/security/00-INDEX @@ -4,8 +4,6 @@ Smack.txt - documentation on the Smack Linux Security Module. Yama.txt - documentation on the Yama Linux Security Module. -apparmor.txt - - documentation on the AppArmor security extension. keys-ecryptfs.txt - description of the encryption keys for the ecryptfs filesystem. keys-request-key.txt diff --git a/MAINTAINERS b/MAINTAINERS index c85108b4f6c7..184cdd32a67e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11560,6 +11560,7 @@ W: apparmor.wiki.kernel.org T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git S: Supported F: security/apparmor/ +F: Documentation/admin-guide/LSM/apparmor.rst LOADPIN SECURITY MODULE M: Kees Cook diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 960c913381e2..72c604350e80 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -226,7 +226,7 @@ void aa_dfa_free_kref(struct kref *kref) * @flags: flags controlling what type of accept tables are acceptable * * Unpack a dfa that has been serialized. To find information on the dfa - * format look in Documentation/security/apparmor.txt + * format look in Documentation/admin-guide/LSM/apparmor.rst * Assumes the dfa @blob stream has been aligned on a 8 byte boundary * * Returns: an unpacked dfa ready for matching or ERR_PTR on failure diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
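Review bot: In the match.c hunk, the updated comment still sends readers to Documentation/admin-guide/LSM/apparmor.rst "to find information on the dfa format", but the renamed file as it appears in this patch has only the sections "What is AppArmor?", "How to enable/disable", "Documentation" and "Links", and none of them describes the serialized dfa layout. This comment sits on the function that unpacks a serialized dfa @blob, so the pointer should lead to something that documents the format. Rather than only updating the path, either point it at wherever the format is actually described (for example the wiki listed under Links, if that is the place) or drop the sentence until such a document exists in-tree.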