Date: Tue, 4 Jul 2017 12:12:34 +0200
From: Salvatore Mesoraca <s.mesoraca16@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: LKML <linux-kernel@...r.kernel.org>, 
	linux-security-module <linux-security-module@...r.kernel.org>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, 
	Brad Spengler <spender@...ecurity.net>, PaX Team <pageexec@...email.hu>, 
	Casey Schaufler <casey@...aufler-ca.com>, James Morris <james.l.morris@...cle.com>, 
	"Serge E. Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH 01/11] S.A.R.A. Documentation

2017-06-28 0:51 GMT+02:00 Kees Cook <keescook@...omium.org>:
> On Mon, Jun 12, 2017 at 9:56 AM, Salvatore Mesoraca
> <s.mesoraca16@...il.com> wrote:
>> Adding documentation for S.A.R.A. LSM.
>>
>> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@...il.com>
>> ---
>>  Documentation/admin-guide/kernel-parameters.txt |  40 +++++
>>  Documentation/security/00-INDEX                 |   2 +
>>  Documentation/security/SARA.rst                 | 192 ++++++++++++++++++++++++
>>  3 files changed, 234 insertions(+)
>>  create mode 100644 Documentation/security/SARA.rst
>>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>> index 0f5c3b4..f3ee12d 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -3702,6 +3702,46 @@
>>                         1 -- enable.
>>                         Default value is set via kernel config option.
>>
>> +       sara=           [SARA] Disable or enable S.A.R.A. at boot time.
>> +                       If disabled this way S.A.R.A. can't be enabled
>> +                       again.
>> +                       Format: { "0" | "1" }
>> +                       See security/sara/Kconfig help text
>> +                       0 -- disable.
>> +                       1 -- enable.
>> +                       Default value is set via kernel config option.
>> +
>> +       sara_usb_filtering= [SARA]
>> +                       Disable or enable S.A.R.A. USB Filtering at boot
>> +                       time.
>> +                       Format: { "0" | "1" }
>> +                       See security/sara/Kconfig help text
>> +                       0 -- disable.
>> +                       1 -- enable.
>> +                       Default value is 1.
>> +
>> +       sara_usb_filtering_default= [SARA]
>> +                       Set S.A.R.A. USB Filtering default action.
>> +                       Format: { "a" | "d" }
>> +                       See security/sara/Kconfig help text
>> +                       a -- allow.
>> +                       d -- deny.
>> +                       Default value is set via kernel config option.
>> +
>> +       sara_wxprot=    [SARA] Disable or enable S.A.R.A. WX Protection
>> +                       at boot time.
>> +                       Format: { "0" | "1" }
>> +                       See security/sara/Kconfig help text
>> +                       0 -- disable.
>> +                       1 -- enable.
>> +                       Default value is 1.
>> +
>> +       sara_wxprot_default_flags= [SARA]
>> +                       Set S.A.R.A. WX Protection default flags.
>> +                       Format: <integer>
>> +                       See S.A.R.A. documentation.
>> +                       Default value is set via kernel config option.
>> +
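
Review bot: the sara_wxprot_default_flags= entry gives only "Format: <integer>" and "See S.A.R.A. documentation", so a reader of kernel-parameters.txt cannot tell which values are accepted or where to look; name Documentation/security/SARA.rst (added by this patch) and state what the integer encodes. Also, only the sara= entry says whether the setting can be changed after boot ("can't be enabled again"); the sara_usb_filtering= and sara_wxprot= entries should either say the same or say that they stay adjustable at runtime.
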
>
> As an organizational note, I would suggest making these all regular
> "module parameters", which would let them be automatically namespaced
> under "sara". For example "sara.enabled", "sara.wxprot", etc. For
> example, this is how LoadPin does it for "loadpin.enabled":
>
> /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
> module_param(enabled, int, 0);
> MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)");

I apologize for being so late in answering you.
I completely missed this email.
I'll follow your suggestion in v3, thank you.
