Commit 30da4f7

kees authored and Jonathan Corbet committed
doc: ReSTify LoadPin.txt
Adjusts for ReST markup and moves under LSM admin guide.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
1 parent 90bb766 commit 30da4f7

3 files changed: +10 -4 lines changed
Lines changed: 8 additions & 4 deletions
@@ -1,17 +1,21 @@
1+
=======
2+
LoadPin
3+
=======
4+
15
LoadPin is a Linux Security Module that ensures all kernel-loaded files
26
(modules, firmware, etc) all originate from the same filesystem, with
37
the expectation that such a filesystem is backed by a read-only device
48
such as dm-verity or CDROM. This allows systems that have a verified
59
and/or unchangeable filesystem to enforce module and firmware loading
610
restrictions without needing to sign the files individually.
711

8-
The LSM is selectable at build-time with CONFIG_SECURITY_LOADPIN, and
12+
The LSM is selectable at build-time with ``CONFIG_SECURITY_LOADPIN``, and
913
can be controlled at boot-time with the kernel command line option
10-
"loadpin.enabled". By default, it is enabled, but can be disabled at
11-
boot ("loadpin.enabled=0").
14+
"``loadpin.enabled``". By default, it is enabled, but can be disabled at
15+
boot ("``loadpin.enabled=0``").
1216

1317
LoadPin starts pinning when it sees the first file loaded. If the
1418
block device backing the filesystem is not read-only, a sysctl is
15-
created to toggle pinning: /proc/sys/kernel/loadpin/enabled. (Having
19+
created to toggle pinning: ``/proc/sys/kernel/loadpin/enabled``. (Having
1620
a mutable filesystem means pinning is mutable too, but having the
1721
sysctl allows for easy testing on systems with a mutable filesystem.)
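
Review bot: on new lines 14 and 15 the option name keeps its surrounding double quotes after being wrapped in inline-literal markup ("``loadpin.enabled``" and "``loadpin.enabled=0``"), so the rendered page shows quotation marks around monospace text. Drop the quotes and let the literal markup stand alone, as this hunk already does for ``CONFIG_SECURITY_LOADPIN`` and ``/proc/sys/kernel/loadpin/enabled``. While the paragraph is being touched, the unchanged opening sentence has a doubled "all" ("ensures all kernel-loaded files ... all originate") that could be cleaned up in the same pass.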

Documentation/admin-guide/LSM/index.rst

Lines changed: 1 addition & 0 deletions
@@ -34,6 +34,7 @@ the one "major" module (e.g. SELinux) if there is one configured.
3434
:maxdepth: 1
3535

3636
apparmor
37+
LoadPin
3738
SELinux
3839
tomoyo
3940
Yama
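
Review bot: the added toctree entry LoadPin (new line 37) is matched by Sphinx against the document's file name, so it must agree in case with the moved file; the MAINTAINERS hunk names it Documentation/admin-guide/LSM/LoadPin.rst, which matches. Because the commit message says the document moves, please also confirm that no index or cross-reference still points at the old location, since this diff touches only three files.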

MAINTAINERS

Lines changed: 1 addition & 0 deletions
@@ -11567,6 +11567,7 @@ M: Kees Cook <keescook@chromium.org>
1156711567
T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/loadpin
1156811568
S: Supported
1156911569
F: security/loadpin/
11570+
F: Documentation/admin-guide/LSM/LoadPin.rst
1157011571

1157111572
YAMA SECURITY MODULE
1157211573
M: Kees Cook <keescook@chromium.org>
