From: Salvatore Mesoraca
Date: Tue, 4 Jul 2017 12:12:34 +0200
Subject: Re: [PATCH 01/11] S.A.R.A. Documentation
To: Kees Cook
Cc: LKML, linux-security-module, "kernel-hardening@lists.openwall.com", Brad Spengler, PaX Team, Casey Schaufler, James Morris, "Serge E. Hallyn"
References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> <1497286620-15027-2-git-send-email-s.mesoraca16@gmail.com>

2017-06-28 0:51 GMT+02:00 Kees Cook:
> On Mon, Jun 12, 2017 at 9:56 AM, Salvatore Mesoraca > wrote: >> Adding documentation for S.A.R.A. LSM. >> >> Signed-off-by: Salvatore Mesoraca >> --- >> Documentation/admin-guide/kernel-parameters.txt | 40 +++++ >> Documentation/security/00-INDEX | 2 + >> Documentation/security/SARA.rst | 192 ++++++++++++++++++++++++ >> 3 files changed, 234 insertions(+) >> create mode 100644 Documentation/security/SARA.rst >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt >> index 0f5c3b4..f3ee12d 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -3702,6 +3702,46 @@ >> 1 -- enable. >> Default value is set via kernel config option. >> >> + sara= [SARA] Disable or enable S.A.R.A. at boot time. >> + If disabled this way S.A.R.A. can't be enabled >> + again. >> + Format: { "0" | "1" } >> + See security/sara/Kconfig help text >> + 0 -- disable. >> + 1 -- enable. >> + Default value is set via kernel config option. >> + >> + sara_usb_filtering= [SARA] >> + Disable or enable S.A.R.A. USB Filtering at boot >> + time. >> + Format: { "0" | "1" } >> + See security/sara/Kconfig help text >> + 0 -- disable. >> + 1 -- enable. >> + Default value is 1. >> + >> + sara_usb_filtering_default= [SARA] >> + Set S.A.R.A. USB Filtering default action. >> + Format: { "a" | "d" } >> + See security/sara/Kconfig help text >> + a -- allow. >> + d -- deny. >> + Default value is set via kernel config option. >> + >> + sara_wxprot= [SARA] Disable or enable S.A.R.A. WX Protection >> + at boot time. >> + Format: { "0" | "1" } >> + See security/sara/Kconfig help text >> + 0 -- disable. >> + 1 -- enable. >> + Default value is 1. >> + >> + sara_wxprot_default_flags= [SARA] >> + Set S.A.R.A. WX Protection default flags. >> + Format: >> + See S.A.R.A. documentation. >> + Default value is set via kernel config option. >> + > > As an organizational note, I would suggest making these all regular > "module parameters", which would let them be automatically namespaced > under "sara". For example "sara.enabled", "sara.wxprot", etc. For > example, this is how LoadPin does it for "loadpin.enabled": > > /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ > module_param(enabled, int, 0); > MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)"); I apologize to be so late to answer you. I completely missed this email. I'll follow your suggestion in v3, thank you.
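Review bot: The sara_usb_filtering= and sara_wxprot= entries in the kernel-parameters.txt hunk do not say whether disabling at boot is permanent, whereas the sara= entry states "If disabled this way S.A.R.A. can't be enabled again." For a hardening feature, an administrator needs to know whether a submodule turned off on the command line can be turned back on at runtime, and the reverse, so each entry should state this explicitly. The entries should also document how the submodule switches interact with the master switch: sara_usb_filtering= and sara_wxprot= both read "Default value is 1" while sara= takes its default from the kernel config, so it is unclear what sara_wxprot=1 means when sara=0. Finally, the Format: line under sara_wxprot_default_flags= carries no value as quoted here and "See S.A.R.A. documentation." names no file; giving the accepted value type and pointing at Documentation/security/SARA.rst, which this patch creates, would make the entry usable on its own.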