kernel-ark/Documentation/security/lsm-development.rst

=================================
Linux Security Module Development
=================================

Based on https://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.org,
a new LSM is accepted into the kernel when its intent (a description of
what it tries to protect against and in what cases one would expect to
use it) has been appropriately documented in ``Documentation/admin-guide/LSM/``.
This allows an LSM's code to be easily compared to its goals, and so
that end users and distros can make a more informed decision about which
LSMs suit their requirements.

For extensive documentation on the available LSM hook interfaces, please
see ``include/linux/lsm_hooks.h`` and associated structures:

.. kernel-doc:: include/linux/lsm_hooks.h
   :internal:
doc: ReSTify and split LSM.txt The existing LSM.txt file covered both usage and development, so split this into two files, one under admin-guide and one under kernel development. Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2017-05-13 11:51:43 +00:00			`=================================`
			`Linux Security Module Development`
			`=================================`

Documentation: Replace lkml.org links with lore Replace the lkml.org links with lore to better use a single source that's more likely to stay available long-term. Done by bash script: cvt_lkml_to_lore () { tmpfile=$(mktemp ./.cvt_links.XXXXXXX) header=$(echo $1 \| sed 's@/lkml/@/lkml/headers/@') wget -qO - $header > $tmpfile if [[ $? == 0 ]] ; then link=$(grep -i '^Message-Id:' $tmpfile \| head -1 \| \ sed -r -e 's/^\sMessage-Id:\s<\s//' -e 's/\s>\s*$//' -e 's@^@https://lore.kernel.org/r/@') # echo "testlink: $link" if [ -n "$link" ] ; then wget -qO - $link > /dev/null if [[ $? == 0 ]] ; then echo $link fi fi fi rm -f $tmpfile } git grep -P -o "\bhttps?://(?:www.)?lkml.org/lkml[\/\w]+" $@ \| while read line ; do echo $line file=$(echo $line \| cut -f1 -d':') link=$(echo $line \| cut -f2- -d':') newlink=$(cvt_lkml_to_lore $link) if [[ -n "$newlink" ]] ; then sed -i -e "s#\b$link\b#$newlink#" $file fi done Link: https://lore.kernel.org/patchwork/patch/1265849/#1462688 Signed-off-by: Joe Perches <joe@perches.com> Link: https://lore.kernel.org/r/77cdb7f32cfb087955bfc3600b86c40bed5d4104.camel@perches.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2021-01-10 20:41:44 +00:00			`Based on https://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.org,`
doc: ReSTify and split LSM.txt The existing LSM.txt file covered both usage and development, so split this into two files, one under admin-guide and one under kernel development. Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2017-05-13 11:51:43 +00:00			`a new LSM is accepted into the kernel when its intent (a description of`
			`what it tries to protect against and in what cases one would expect to`
security: fix LSM description location Acked-by: Kees Cook <keescook@chromium.org> Fix Documentation location reference for where LSM descriptions should be placed. Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: linux-security-module@vger.kernel.org Signed-off-by: James Morris <james.morris@microsoft.com> 2018-10-09 00:46:04 +00:00			use it) has been appropriately documented in ``Documentation/admin-guide/LSM/``.
doc: ReSTify and split LSM.txt The existing LSM.txt file covered both usage and development, so split this into two files, one under admin-guide and one under kernel development. Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2017-05-13 11:51:43 +00:00			`This allows an LSM's code to be easily compared to its goals, and so`
			`that end users and distros can make a more informed decision about which`
			`LSMs suit their requirements.`

			`For extensive documentation on the available LSM hook interfaces, please`
doc: security: Add kern-doc for lsm_hooks.h There is a lot of kern-doc for the LSM internals, but it wasn't visible in the HTML output. This exposes some formatting flaws in lsm_hooks.h that will be fixed in a later series of patches. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2019-02-17 22:19:01 +00:00			see ``include/linux/lsm_hooks.h`` and associated structures:

			`.. kernel-doc:: include/linux/lsm_hooks.h`
			`:internal:`