[6/6] Document locked_down LSM hook

Message ID	20190813192126.122370-7-matthewgarrett@google.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> Date: Tue, 13 Aug 2019 12:21:26 -0700 In-Reply-To: <20190813192126.122370-1-matthewgarrett@google.com> Message-Id: <20190813192126.122370-7-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190813192126.122370-1-matthewgarrett@google.com> Subject: [PATCH 6/6] Document locked_down LSM hook From: Matthew Garrett <matthewgarrett@google.com> To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, Matthew Garrett <matthewgarrett@google.com>, kbuild test robot <lkp@intel.com>, Matthew Garrett <mjg59@google.com> Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk
Series	lockdown fixups \| expand [0/6] lockdown fixups [1/6] tracefs: Fix potential null dereference in default_file_open() [2/6] early_security_init() needs a stub got !CONFIG_SECURITY [3/6] Avoid build warning when !CONFIG_KEXEC_SIG [4/6] security: fix ptr_ret.cocci warnings [5/6] kexec: s/KEXEC_VERIFY_SIG/KEXEC_SIG/ for consistency [6/6] Document locked_down LSM hook

Message ID

20190813192126.122370-7-matthewgarrett@google.com (mailing list archive)

State

New, archived

Headers

Date: Tue, 13 Aug 2019 12:21:26 -0700
In-Reply-To: <20190813192126.122370-1-matthewgarrett@google.com>
Message-Id: <20190813192126.122370-7-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190813192126.122370-1-matthewgarrett@google.com>
Subject: [PATCH 6/6] Document locked_down LSM hook
From: Matthew Garrett <matthewgarrett@google.com>
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org,
        Matthew Garrett <matthewgarrett@google.com>,
        kbuild test robot <lkp@intel.com>,
        Matthew Garrett <mjg59@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Series

lockdown fixups | expand

Commit Message

Matthew Garrett Aug. 13, 2019, 7:21 p.m. UTC

The kbuild test robot pointed out that this wasn't documented.

Reported-by: kbuild test robot <lkp@intel.com>
Fixes: c360be6c ("security: Add a "locked down" LSM hook")
Signed-off-by: Matthew Garrett <mjg59@google.com>
---
 include/linux/lsm_hooks.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 5ec2912c8661..2f4ba9062fb8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1446,6 +1446,11 @@ 
  * @bpf_prog_free_security:
  *	Clean up the security information stored inside bpf prog.
  *
+ * @locked_down
+ *     Determine whether a kernel feature that potentially enables arbitrary
+ *     code execution in kernel space should be permitted.
+ *
+ *     @what: kernel feature being accessed
  */
 union security_list_options {
 	int (*binder_set_context_mgr)(struct task_struct *mgr);

[6/6] Document locked_down LSM hook

Commit Message

Patch