[PATCH] SELinux: document boot options

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] SELinux: document boot options
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
78b96d12 · Stephen D. Smalley · Linus Torvalds · 65e05719 · 78b96d12
Commit 78b96d12 authored Mar 09, 2005 by Stephen D. Smalley Committed by Linus Torvalds Mar 09, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 0 deletions

Documentation/kernel-parameters.txt Documentation/kernel-parameters.txt +26 -0

No files found.
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -67,6 +67,7 @@ restrictions referred to are that the relevant option is valid if:
 	SCSI	Appropriate SCSI support is enabled.
 			A lot of drivers has their options described inside of
 			Documentation/scsi/.
+	SELINUX SELinux support is enabled.
 	SERIAL	Serial support is enabled.
 	SMP	The kernel is an SMP kernel.
 	SPARC	Sparc architecture is enabled.
@@ -295,6 +296,14 @@ running once the system is up.
 			See header of drivers/cdrom/cdu31a.c.

 	chandev=	[HW,NET] Generic channel device initialisation
+
+	checkreqprot	[SELINUX] Set initial checkreqprot flag value.
+			Format: { "0" | "1" }
+			See security/selinux/Kconfig help text.
+			0 -- check protection applied by kernel (includes any implied execute protection).
+			1 -- check protection requested by application.
+			Default value is set via a kernel config option.
+			Value can be changed at runtime via /selinux/checkreqprot.
 
 	clock=		[BUGS=IA-32, HW] gettimeofday timesource override. 
 			Forces specified timesource (if avaliable) to be used
@@ -435,6 +444,14 @@ running once the system is up.
 			See Documentation/block/as-iosched.txt
 			and Documentation/block/deadline-iosched.txt for details.

+	enforcing	[SELINUX] Set initial enforcing status.
+			Format: {"0" | "1"}
+			See security/selinux/Kconfig help text.
+			0 -- permissive (log only, no denials).
+			1 -- enforcing (deny and log).
+			Default value is 0.
+			Value can be changed at runtime via /selinux/enforce.
+
 	es1370=		[HW,OSS]
 			Format: <lineout>[,<micbias>]
 			See also header of sound/oss/es1370.c.
@@ -1160,6 +1177,15 @@ running once the system is up.

 	scsi_logging=	[SCSI]

+	selinux		[SELINUX] Disable or enable SELinux at boot time.
+			Format: { "0" | "1" }
+			See security/selinux/Kconfig help text.
+			0 -- disable.
+			1 -- enable.
+			Default value is set via kernel config option.
+			If enabled at boot time, /selinux/disable can be used
+			later to disable prior to initial policy load.
+
 	serialnumber	[BUGS=IA-32]

 	sf16fm=		[HW] SF16FMI radio driver for Linux