kernel_lockdown.7: Describe LSM activation

Describe the activation of the Kernel Lockdown feature via Kconfig
and the command line.

Cf. Documentation/admin-guide/kernel-parameters.rst.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Heinrich Schuchardt 2020-10-16 21:03:37 +02:00 committed by Michael Kerrisk
parent d2bbc4b7eb
commit 7a737de2e1
1 changed files with 13 additions and 0 deletions

@ -104,4 +104,17 @@ whether or not they are specified on the command line,
for both the built-in and custom policies in secure boot lockdown mode.
.SH VERSIONS
The Kernel Lockdown feature was added in Linux 5.4.
.SH NOTES
The Kernel Lockdown feature is enabled by CONFIG_SECURITY_LOCKDOWN_LSM.
The
.I lsm=lsm1,...,lsmN
command line parameter controls the sequence of the initialization of
Linux Security Modules.
It must contain the string
.I lockdown
to enable the Kernel Lockdown feature.
If the command line parameter is not specified,
the initialization falls back to the value of the deprecated
.I security=
command line parameter and further to the value of CONFIG_LSM.
.\" commit 000d388ed3bbed745f366ce71b2bb7c2ee70f449