Commit d410fa4e authored by Randy Dunlap's avatar Randy Dunlap

Create Documentation/security/,

move LSM-, credentials-, and keys-related files from Documentation/
  to Documentation/security/,
add Documentation/security/00-INDEX, and
update all occurrences of Documentation/<moved_file>
  to Documentation/security/<moved_file>.
parent 61c4f2c8
...@@ -192,10 +192,6 @@ kernel-docs.txt ...@@ -192,10 +192,6 @@ kernel-docs.txt
- listing of various WWW + books that document kernel internals. - listing of various WWW + books that document kernel internals.
kernel-parameters.txt kernel-parameters.txt
- summary listing of command line / boot prompt args for the kernel. - summary listing of command line / boot prompt args for the kernel.
keys-request-key.txt
- description of the kernel key request service.
keys.txt
- description of the kernel key retention service.
kobject.txt kobject.txt
- info of the kobject infrastructure of the Linux kernel. - info of the kobject infrastructure of the Linux kernel.
kprobes.txt kprobes.txt
...@@ -294,6 +290,8 @@ scheduler/ ...@@ -294,6 +290,8 @@ scheduler/
- directory with info on the scheduler. - directory with info on the scheduler.
scsi/ scsi/
- directory with info on Linux scsi support. - directory with info on Linux scsi support.
security/
- directory that contains security-related info
serial/ serial/
- directory with info on the low level serial API. - directory with info on the low level serial API.
serial-console.txt serial-console.txt
......
...@@ -47,8 +47,8 @@ request-key will find the first matching line and corresponding program. In ...@@ -47,8 +47,8 @@ request-key will find the first matching line and corresponding program. In
this case, /some/other/program will handle all uid lookups and this case, /some/other/program will handle all uid lookups and
/usr/sbin/nfs.idmap will handle gid, user, and group lookups. /usr/sbin/nfs.idmap will handle gid, user, and group lookups.
See <file:Documentation/keys-request-keys.txt> for more information about the See <file:Documentation/security/keys-request-keys.txt> for more information
request-key function. about the request-key function.
========= =========
......
...@@ -139,8 +139,8 @@ the key will be discarded and recreated when the data it holds has expired. ...@@ -139,8 +139,8 @@ the key will be discarded and recreated when the data it holds has expired.
dns_query() returns a copy of the value attached to the key, or an error if dns_query() returns a copy of the value attached to the key, or an error if
that is indicated instead. that is indicated instead.
See <file:Documentation/keys-request-key.txt> for further information about See <file:Documentation/security/keys-request-key.txt> for further
request-key function. information about request-key function.
========= =========
......
00-INDEX
- this file.
SELinux.txt
- how to get started with the SELinux security enhancement.
Smack.txt
- documentation on the Smack Linux Security Module.
apparmor.txt
- documentation on the AppArmor security extension.
credentials.txt
- documentation about credentials in Linux.
keys-request-key.txt
- description of the kernel key request service.
keys-trusted-encrypted.txt
- info on the Trusted and Encrypted keys in the kernel key ring service.
keys.txt
- description of the kernel key retention service.
tomoyo.txt
- documentation on the TOMOYO Linux Security Module.
...@@ -216,7 +216,7 @@ The Linux kernel supports the following types of credentials: ...@@ -216,7 +216,7 @@ The Linux kernel supports the following types of credentials:
When a process accesses a key, if not already present, it will normally be When a process accesses a key, if not already present, it will normally be
cached on one of these keyrings for future accesses to find. cached on one of these keyrings for future accesses to find.
For more information on using keys, see Documentation/keys.txt. For more information on using keys, see Documentation/security/keys.txt.
(5) LSM (5) LSM
......
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
=================== ===================
The key request service is part of the key retention service (refer to The key request service is part of the key retention service (refer to
Documentation/keys.txt). This document explains more fully how the requesting Documentation/security/keys.txt). This document explains more fully how
algorithm works. the requesting algorithm works.
The process starts by either the kernel requesting a service by calling The process starts by either the kernel requesting a service by calling
request_key*(): request_key*():
......
...@@ -434,7 +434,7 @@ The main syscalls are: ...@@ -434,7 +434,7 @@ The main syscalls are:
/sbin/request-key will be invoked in an attempt to obtain a key. The /sbin/request-key will be invoked in an attempt to obtain a key. The
callout_info string will be passed as an argument to the program. callout_info string will be passed as an argument to the program.
See also Documentation/keys-request-key.txt. See also Documentation/security/keys-request-key.txt.
The keyctl syscall functions are: The keyctl syscall functions are:
...@@ -864,7 +864,7 @@ payload contents" for more information. ...@@ -864,7 +864,7 @@ payload contents" for more information.
If successful, the key will have been attached to the default keyring for If successful, the key will have been attached to the default keyring for
implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING. implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING.
See also Documentation/keys-request-key.txt. See also Documentation/security/keys-request-key.txt.
(*) To search for a key, passing auxiliary data to the upcaller, call: (*) To search for a key, passing auxiliary data to the upcaller, call:
......
...@@ -3705,7 +3705,7 @@ KEYS/KEYRINGS: ...@@ -3705,7 +3705,7 @@ KEYS/KEYRINGS:
M: David Howells <dhowells@redhat.com> M: David Howells <dhowells@redhat.com>
L: keyrings@linux-nfs.org L: keyrings@linux-nfs.org
S: Maintained S: Maintained
F: Documentation/keys.txt F: Documentation/security/keys.txt
F: include/linux/key.h F: include/linux/key.h
F: include/linux/key-type.h F: include/linux/key-type.h
F: include/keys/ F: include/keys/
...@@ -3717,7 +3717,7 @@ M: Mimi Zohar <zohar@us.ibm.com> ...@@ -3717,7 +3717,7 @@ M: Mimi Zohar <zohar@us.ibm.com>
L: linux-security-module@vger.kernel.org L: linux-security-module@vger.kernel.org
L: keyrings@linux-nfs.org L: keyrings@linux-nfs.org
S: Supported S: Supported
F: Documentation/keys-trusted-encrypted.txt F: Documentation/security/keys-trusted-encrypted.txt
F: include/keys/trusted-type.h F: include/keys/trusted-type.h
F: security/keys/trusted.c F: security/keys/trusted.c
F: security/keys/trusted.h F: security/keys/trusted.h
...@@ -3728,7 +3728,7 @@ M: David Safford <safford@watson.ibm.com> ...@@ -3728,7 +3728,7 @@ M: David Safford <safford@watson.ibm.com>
L: linux-security-module@vger.kernel.org L: linux-security-module@vger.kernel.org
L: keyrings@linux-nfs.org L: keyrings@linux-nfs.org
S: Supported S: Supported
F: Documentation/keys-trusted-encrypted.txt F: Documentation/security/keys-trusted-encrypted.txt
F: include/keys/encrypted-type.h F: include/keys/encrypted-type.h
F: security/keys/encrypted.c F: security/keys/encrypted.c
F: security/keys/encrypted.h F: security/keys/encrypted.h
......
/* Credentials management - see Documentation/credentials.txt /* Credentials management - see Documentation/security/credentials.txt
* *
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com) * Written by David Howells (dhowells@redhat.com)
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* 2 of the License, or (at your option) any later version. * 2 of the License, or (at your option) any later version.
* *
* *
* See Documentation/keys.txt for information on keys/keyrings. * See Documentation/security/keys.txt for information on keys/keyrings.
*/ */
#ifndef _LINUX_KEY_H #ifndef _LINUX_KEY_H
......
/* Task credentials management - see Documentation/credentials.txt /* Task credentials management - see Documentation/security/credentials.txt
* *
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com) * Written by David Howells (dhowells@redhat.com)
......
Please see Documentation/SELinux.txt for information on Please see Documentation/security/SELinux.txt for information on
installing a dummy SELinux policy. installing a dummy SELinux policy.
...@@ -194,7 +194,7 @@ void aa_dfa_free_kref(struct kref *kref) ...@@ -194,7 +194,7 @@ void aa_dfa_free_kref(struct kref *kref)
* @flags: flags controlling what type of accept tables are acceptable * @flags: flags controlling what type of accept tables are acceptable
* *
* Unpack a dfa that has been serialized. To find information on the dfa * Unpack a dfa that has been serialized. To find information on the dfa
* format look in Documentation/apparmor.txt * format look in Documentation/security/apparmor.txt
* Assumes the dfa @blob stream has been aligned on a 8 byte boundary * Assumes the dfa @blob stream has been aligned on a 8 byte boundary
* *
* Returns: an unpacked dfa ready for matching or ERR_PTR on failure * Returns: an unpacked dfa ready for matching or ERR_PTR on failure
......
...@@ -12,8 +12,8 @@ ...@@ -12,8 +12,8 @@
* published by the Free Software Foundation, version 2 of the * published by the Free Software Foundation, version 2 of the
* License. * License.
* *
* AppArmor uses a serialized binary format for loading policy. * AppArmor uses a serialized binary format for loading policy. To find
* To find policy format documentation look in Documentation/apparmor.txt * policy format documentation look in Documentation/security/apparmor.txt
* All policy is validated before it is used. * All policy is validated before it is used.
*/ */
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2 of the License. * the Free Software Foundation, version 2 of the License.
* *
* See Documentation/keys-trusted-encrypted.txt * See Documentation/security/keys-trusted-encrypted.txt
*/ */
#include <linux/uaccess.h> #include <linux/uaccess.h>
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* as published by the Free Software Foundation; either version * as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version. * 2 of the License, or (at your option) any later version.
* *
* See Documentation/keys-request-key.txt * See Documentation/security/keys-request-key.txt
*/ */
#include <linux/module.h> #include <linux/module.h>
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* as published by the Free Software Foundation; either version * as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version. * 2 of the License, or (at your option) any later version.
* *
* See Documentation/keys-request-key.txt * See Documentation/security/keys-request-key.txt
*/ */
#include <linux/module.h> #include <linux/module.h>
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2 of the License. * the Free Software Foundation, version 2 of the License.
* *
* See Documentation/keys-trusted-encrypted.txt * See Documentation/security/keys-trusted-encrypted.txt
*/ */
#include <linux/uaccess.h> #include <linux/uaccess.h>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment