OpenCloudOS-Kernel/Documentation
Stephen Smalley e9c38f9fc2 Documentation,selinux: deprecate setting checkreqprot to 1
Deprecate setting the SELinux checkreqprot tunable to 1 via kernel
parameter or /sys/fs/selinux/checkreqprot.  Setting it to 0 is left
intact for compatibility since Android and some Linux distributions
do so for security and treat an inability to set it as a fatal error.
Eventually setting it to 0 will become a no-op and the kernel will
stop using checkreqprot's value internally altogether.

checkreqprot was originally introduced as a compatibility mechanism
for legacy userspace and the READ_IMPLIES_EXEC personality flag.
However, if set to 1, it weakens security by allowing mappings to be
made executable without authorization by policy.  The default value
for the SECURITY_SELINUX_CHECKREQPROT_VALUE config option was changed
from 1 to 0 in commit 2a35d196c1 ("selinux: change
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default") and both Android
and Linux distributions began explicitly setting
/sys/fs/selinux/checkreqprot to 0 some time ago.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2020-02-10 10:49:01 -05:00
..
ABI Documentation,selinux: deprecate setting checkreqprot to 1 2020-02-10 10:49:01 -05:00
EDID docs: driver-api: add a series of orphaned documents 2019-07-15 11:03:02 -03:00
PCI Documentation: PCI: Fix pci_alloc_irq_vectors() function name typo 2019-12-30 08:21:29 -06:00
RCU Merge branches 'doc.2019.12.10a', 'exp.2019.12.09a', 'fixes.2020.01.24a', 'kfree_rcu.2020.01.24a', 'list.2020.01.10a', 'preempt.2020.01.24a' and 'torture.2019.12.09a' into HEAD 2020-01-24 10:37:27 -08:00
accounting docs: add some documentation dirs to the driver-api book 2019-07-15 11:03:02 -03:00
admin-guide Documentation,selinux: deprecate setting checkreqprot to 1 2020-02-10 10:49:01 -05:00
arm ARM: at91: Documentation: add sam9x60 product and datasheet 2020-01-10 23:40:31 +01:00
arm64 Merge branch 'for-next/rng' into for-next/core 2020-01-22 11:38:53 +00:00
block docs: block/biovecs: update the location of bio.c 2020-01-10 10:23:15 -07:00
bpf bpf: Add s390 testing documentation 2019-10-30 16:25:31 +01:00
cdrom docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
core-api mm, tree-wide: rename put_user_page*() to unpin_user_page*() 2020-01-31 10:30:38 -08:00
cpu-freq Documentation: cpufreq: Update policy notifier documentation 2019-09-02 22:44:05 +02:00
crypto crypto: algapi - make unregistration functions return void 2019-12-20 14:58:35 +08:00
dev-tools RISC-V Patches for the 5.6 Merge Window, Part 1 2020-01-31 11:23:29 -08:00
devicetree ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
doc-guide Documentation: build warnings related to missing blank lines after explicit markups has been fixed 2020-02-05 10:30:03 -07:00
driver-api dmaengine fixes for v5.6-rc1 2020-02-05 18:07:39 +00:00
fault-injection docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
fb fbdev: fbmem: allow overriding the number of bootup logos 2020-01-03 14:27:40 +01:00
features s390 updates for the 5.6 merge window #2 2020-02-05 17:33:35 +00:00
filesystems fs: New zonefs file system 2020-02-09 15:51:46 -08:00
firmware-guide docs: firmware-guide: ACPI: Replace dma_request_slave_channel() with dma_request_chan() 2019-12-19 22:58:12 +01:00
firmware_class
fpga Documentation: fpga: dfl: add descriptions for thermal/power management interfaces 2019-10-16 19:18:26 -07:00
gpu drm-misc-next for v5.6: 2020-01-03 11:43:44 +10:00
hid docs: add some documentation dirs to the driver-api book 2019-07-15 11:03:02 -03:00
hwmon hwmon: (adm1177) Add ADM1177 Hot Swap Controller and Digital Power Monitor driver 2020-01-23 13:15:11 -08:00
i2c docs: i2c: writing-clients: properly name the stop condition 2020-01-29 22:02:09 +01:00
ia64 docs: add SPDX tags to new index files 2019-07-15 11:03:03 -03:00
ide docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
iio docs: add some documentation dirs to the driver-api book 2019-07-15 11:03:02 -03:00
infiniband Documentation/infiniband: update name of some functions 2019-09-13 16:55:55 -03:00
input Input: docs: fix spelling mistake "potocol" -> "protocol" 2019-08-06 11:24:49 -06:00
isdn isdn: capi: dead code removal 2019-12-11 09:12:38 +01:00
kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
kernel-hacking Documentation: kernel-hacking: hacking.rst: Change reference to document namespaces.rst to symbol-namespaces.rst 2019-12-19 09:36:23 -07:00
leds leds: core: Add support for composing LED class device names 2019-07-25 20:07:52 +02:00
livepatch livepatch: Documentation of the new API for tracking system state changes 2019-11-01 13:08:24 +01:00
locking docs/locking: Fix outdated section names 2020-02-05 10:21:12 -07:00
m68k docs: README.buddha: convert to ReST and add to m68k book 2019-07-31 13:30:10 -06:00
maintainer Add a maintainer entry profile for documentation 2020-01-24 09:48:39 -07:00
media media updates for v5.6-rc1 2020-01-31 14:43:23 -08:00
mic docs: driver-api: add remaining converted dirs to it 2019-07-15 11:03:03 -03:00
mips docs: fix some broken references 2019-10-10 11:25:39 -06:00
misc-devices Documentation: fix Sphinx warning in xilinx_sdfec.rst 2019-12-19 09:26:25 -07:00
netlabel docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
networking netfilter: nf_flowtable: fix documentation 2020-01-31 19:31:42 +01:00
nios2 docs: nios2: add it to the main Documentation body 2019-07-31 13:31:51 -06:00
nvdimm docs: nvdimm: use ReST notation for subsection 2020-01-24 09:54:42 -07:00
openrisc docs: openrisc: convert to ReST and add to documentation body 2019-07-31 13:30:20 -06:00
parisc docs: parisc: convert to ReST and add to documentation body 2019-07-31 13:30:15 -06:00
pcmcia docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
power Documentation: admin-guide: PM: Update sleep states documentation 2020-02-03 11:58:26 +01:00
powerpc powerpc updates for 5.6 2020-02-04 13:06:46 +00:00
process A handful of small documentation fixes that wandered in. 2020-02-07 13:03:10 -08:00
riscv It has been a relatively quiet cycle for documentation, but there's still a 2020-01-29 15:27:31 -08:00
s390 Documentation/s390: remove outdated debugging390 documentation 2019-08-21 12:41:43 +02:00
scheduler Documentation/scheduler: fix links in sched-stats 2019-10-29 04:35:41 -06:00
scsi scsi: smartpqi: Update attribute name to `driver_version` 2019-12-09 19:17:36 -05:00
security Documentation: security: core.rst: fix warnings 2019-11-22 10:01:47 -07:00
sh docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
sound sound updates for 5.6-rc1 2020-01-28 16:26:57 -08:00
sparc docs: add arch doc directories to the index 2019-07-15 11:03:01 -03:00
sphinx docs: Keep up with the location of NoUri 2020-01-24 09:47:05 -07:00
sphinx-static doc-rst: Reduce CSS padding around Field 2019-10-02 10:03:06 -06:00
spi spi: docs: convert to ReST and add it to the kABI bookset 2019-07-31 14:13:13 -06:00
target docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
timers docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
trace A handful of small documentation fixes that wandered in. 2020-02-07 13:03:10 -08:00
translations Documentation: changes.rst: update several outdated project URLs 2020-02-05 10:32:57 -07:00
usb docs: usb: remove some broken references 2020-01-28 13:41:22 -07:00
userspace-api staging: remove isdn capi drivers 2019-12-11 09:11:29 +01:00
virt KVM: s390: Fixes and cleanups for 5.6 2020-02-05 16:15:05 +01:00
virtual cpuidle: add haltpoll governor 2019-07-30 17:27:37 +02:00
vm mm/zswap.c: add allocation hysteresis if pool limit is hit 2020-01-31 10:30:39 -08:00
w1 docs: w1: Fix a typo in omap-hdq.rst 2019-12-30 11:58:02 -07:00
watchdog linux-watchdog 5.4-rc1 tag 2019-09-27 11:17:38 -07:00
x86 MPX requires recompiling applications, which requires compiler support. 2020-01-30 16:11:50 -08:00
xtensa docs: add arch doc directories to the index 2019-07-15 11:03:01 -03:00
.gitignore
COPYING-logo docs: logo.txt: rename it to COPYING-logo 2019-07-15 09:20:27 -03:00
Changes
CodingStyle
DMA-API-HOWTO.txt docs: DMA-API-HOWTO.txt: fix an unmarked code block 2019-07-15 09:20:24 -03:00
DMA-API.txt dma-mapping: remove dma_release_declared_memory 2019-09-04 11:13:19 +02:00
DMA-ISA-LPC.txt
DMA-attributes.txt dma-mapping: remove the DMA_ATTR_WRITE_BARRIER flag 2019-11-14 12:01:54 -04:00
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
Kconfig docs: Kbuild/Makefile: allow check for missing docs at build time 2019-06-07 11:33:16 -06:00
Makefile Kbuild updates for v5.5 2019-12-02 17:35:04 -08:00
SubmittingPatches
asm-annotations.rst Documentation: Call out example SYM_FUNC_* usage as x86-specific 2020-01-16 12:53:16 -07:00
atomic_bitops.txt
atomic_t.txt Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-07-08 16:12:03 -07:00
bus-virt-phys-mapping.txt
conf.py doc-rst: Programmatically render MAINTAINERS into ReST 2019-10-02 10:03:17 -06:00
crc32.txt
debugging-modules.txt
debugging-via-ohci1394.txt
digsig.txt
docutils.conf doc-rst: Add missing newline at end of file 2019-06-20 14:16:56 -06:00
dontdiff modpost: dump missing namespaces into a single modules.nsdeps file 2019-11-11 20:10:01 +09:00
futex-requeue-pi.txt
hwspinlock.txt hwspinlock: add the 'in_atomic' API 2019-06-29 21:08:14 -07:00
index.rst Here's the main documentation changes for 5.5: 2019-12-02 11:51:02 -08:00
io-mapping.txt
io_ordering.txt
irqflags-tracing.txt
kobject.txt
kprobes.txt Merge branch 'parisc-5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2019-05-07 19:34:17 -07:00
kref.txt
logo.gif
lzo.txt
mailbox.txt
memory-barriers.txt smp_mb__{before,after}_atomic(): update Documentation 2020-02-04 03:05:23 +00:00
nommu-mmap.txt
percpu-rw-semaphore.txt
pi-futex.txt docs: locking: convert docs to ReST and rename to *.rst 2019-07-15 08:53:27 -03:00
preempt-locking.txt
rbtree.txt docs: rbtree.txt: fix Sphinx build warnings 2019-07-15 09:20:24 -03:00
remoteproc.txt remoteproc: add vendor resources handling 2019-06-29 12:02:17 -07:00
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
speculation.txt
static-keys.txt
tee.txt Documentation: tee: add AMD-TEE driver details 2020-01-04 13:49:51 +08:00
this_cpu_ops.txt
unaligned-memory-access.txt
xz.txt