Home
last modified time | relevance | path

Searched refs:lockdown (Results 1 – 18 of 18) sorted by relevance

/linux-6.15/security/lockdown/
H A DKconfig2 bool "Basic module for enforcing kernel lockdown"
6 Build support for an LSM that enforces a coarse kernel lockdown
10 bool "Enable lockdown LSM early in init"
13 Enable the lockdown LSM early in boot. This is necessary in order
14 to ensure that lockdown enforcement can be carried out on kernel
16 subsystem is fully initialised. If enabled, lockdown will
20 prompt "Kernel default lockdown mode"
25 lockdown.
30 No lockdown functionality is enabled by default. Lockdown may be
31 enabled via the kernel commandline or /sys/kernel/security/lockdown.
H A Dlockdown.c167 DEFINE_EARLY_LSM(lockdown) = {
169 DEFINE_LSM(lockdown) = {
H A DMakefile1 obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown.o
/linux-6.15/Documentation/usb/
H A Dauthorization.rst41 Example system lockdown (lame)
44 Imagine you want to implement a lockdown so only devices of type XYZ
64 Now, device_is_my_type() is where the juice for a lockdown is. Just
77 if [ $sum = $(cat /etc/lockdown/keysum) ]
/linux-6.15/security/
H A DKconfig230 source "security/lockdown/Kconfig"
272 …default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,ipe,bpf" if DEFAUL…
273 …default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,ipe,bpf" if DEFAUL…
274 default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,ipe,bpf" if DEFAULT_SECURITY_TOMOYO
275 default "landlock,lockdown,yama,loadpin,safesetid,ipe,bpf" if DEFAULT_SECURITY_DAC
276 default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,ipe,bpf"
H A DMakefile24 obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
/linux-6.15/arch/powerpc/configs/
H A Dsecurity.config3 # This is the equivalent of booting with lockdown=integrity
/linux-6.15/drivers/input/rmi4/
H A Drmi_f34.h183 u16 lockdown; member
220 struct block_data lockdown; member
H A Drmi_f34v7.c434 blkcount->lockdown = partition_length; in rmi_f34v7_parse_partition_table()
437 __func__, blkcount->lockdown); in rmi_f34v7_parse_partition_table()
905 f34->v7.img.lockdown.data = content; in rmi_f34v7_parse_img_header_10_bl_container()
906 f34->v7.img.lockdown.size = length; in rmi_f34v7_parse_img_header_10_bl_container()
/linux-6.15/arch/openrisc/configs/
H A Dor1klitex_defconfig51 CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf"
/linux-6.15/drivers/fwctl/
H A DKconfig7 support a wide range of lockdown compatible device behaviors including
/linux-6.15/Documentation/userspace-api/
H A Dlandlock.rst636 CONFIG_LSM="lockdown,yama,integrity,apparmor"
643 lsm=lockdown,yama,integrity,apparmor
648 lsm=landlock,lockdown,yama,integrity,apparmor
656 [ 0.000000] Command line: [...] lsm=landlock,lockdown,yama,integrity,apparmor
657 [ 0.000000] Kernel command line: [...] lsm=landlock,lockdown,yama,integrity,apparmor
658 [ 0.000000] LSM: initializing lsm=lockdown,capability,landlock,yama,integrity,apparmor
661 The kernel may be configured at build time to always load the ``lockdown`` and
/linux-6.15/arch/mips/configs/
H A Dgcw0_defconfig147 CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity"
/linux-6.15/arch/powerpc/xmon/
H A Dxmon.c295 static bool lockdown; in xmon_is_locked_down() local
297 if (!lockdown) { in xmon_is_locked_down()
298 lockdown = !!security_locked_down(LOCKDOWN_XMON_RW); in xmon_is_locked_down()
299 if (lockdown) { in xmon_is_locked_down()
311 return lockdown; in xmon_is_locked_down()
/linux-6.15/Documentation/userspace-api/fwctl/
H A Dfwctl.rst107 the principles of kernel lockdown and kernel integrity protection. Triggers
120 Taint or CAP), broadly derived from the principles of kernel lockdown. Some
/linux-6.15/kernel/module/
H A DKconfig264 CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
266 of the lockdown policy.
/linux-6.15/Documentation/admin-guide/
H A Dkernel-parameters.txt3194 lockdown= [SECURITY,EARLY]
3196 Enable the kernel lockdown feature. If set to
/linux-6.15/
H A DMAINTAINERS13868 F: security/lockdown/