forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-01-31 f70575805708cabdedea7498aaa3f710fde4d920 
 kernel/Documentation/admin-guide/LSM/index.rst
....@@ -17,9 +17,8 @@
1717 specific changes to system operation when these tweaks are not available
1818 in the core functionality of Linux itself.
1919 
20
-Without a specific LSM built into the kernel, the default LSM will be the
21
-Linux capabilities system. Most LSMs choose to extend the capabilities
22
-system, building their checks on top of the defined capability hooks.
20
+The Linux capabilities modules will always be included. This may be
21
+followed by any number of "minor" modules and at most one "major" module.
2322 For more details on capabilities, see ``capabilities(7)`` in the Linux
2423 man-pages project.
2524 
....@@ -30,6 +29,14 @@
3029 be first, followed by any "minor" modules (e.g. Yama) and then
3130 the one "major" module (e.g. SELinux) if there is one configured.
3231 
32
+Process attributes associated with "major" security modules should
33
+be accessed and maintained using the special files in ``/proc/.../attr``.
34
+A security module may maintain a module specific subdirectory there,
35
+named after the module. ``/proc/.../attr/smack`` is provided by the Smack
36
+security module and contains all its special files. The files directly
37
+in ``/proc/.../attr`` remain as legacy interfaces for modules that provide
38
+subdirectories.
39
+
3340 .. toctree::
3441    :maxdepth: 1
3542 
....@@ -39,3 +46,4 @@
3946    Smack
4047    tomoyo
4148    Yama
49
+   SafeSetID