mirror of https://github.com/mkerrisk/man-pages
kernel_lockdown.7: Describe LSM activation
Describe the activation of the Kernel Lockdown feature via Kconfig and the command line. Cf. Documentation/admin-guide/kernel-parameters.rst. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
d2bbc4b7eb
commit
7a737de2e1
|
@ -104,4 +104,17 @@ whether or not they are specified on the command line,
|
|||
for both the built-in and custom policies in secure boot lockdown mode.
|
||||
.SH VERSIONS
|
||||
The Kernel Lockdown feature was added in Linux 5.4.
|
||||
.SH NOTES
|
||||
The Kernel Lockdown feature is enabled by CONFIG_SECURITY_LOCKDOWN_LSM.
|
||||
The
|
||||
.I lsm=lsm1,...,lsmN
|
||||
command line parameter controls the sequence of the initialization of
|
||||
Linux Security Modules.
|
||||
It must contain the string
|
||||
.I lockdown
|
||||
to enable the Kernel Lockdown feature.
|
||||
If the command line parameter is not specified,
|
||||
the initialization falls back to the value of the deprecated
|
||||
.I security=
|
||||
command line parameter and further to the value of CONFIG_LSM.
|
||||
.\" commit 000d388ed3bbed745f366ce71b2bb7c2ee70f449
|
||||
|
|
Loading…
Reference in New Issue