From: Randy Dunlap <rdunlap@infradead.org>
To: linux-doc@vger.kernel.org
Cc: patches@lists.linux.dev, Randy Dunlap <rdunlap@infradead.org>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>
Subject: [PATCH] docs: selinux: add '=' signs to kernel boot options
Date: Mon, 28 Feb 2022 20:14:54 -0800 [thread overview]
Message-ID: <20220301041454.18960-1-rdunlap@infradead.org> (raw)
Provide the full kernel boot option string (with ending '=' sign).
They won't work without that and that is how other boot options are
listed.
If used without an '=' sign (as listed here), they cause an "Unknown
parameters" message and are added to init's argument strings,
polluting them.
Unknown kernel command line parameters "enforcing checkreqprot
BOOT_IMAGE=/boot/bzImage-517rc6", will be passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
enforcing
checkreqprot
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc6
Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: selinux@vger.kernel.org
Cc: Jonathan Corbet <corbet@lwn.net>
---
Documentation/admin-guide/kernel-parameters.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- linux-next-20220228.orig/Documentation/admin-guide/kernel-parameters.txt
+++ linux-next-20220228/Documentation/admin-guide/kernel-parameters.txt
@@ -550,7 +550,7 @@
nosocket -- Disable socket memory accounting.
nokmem -- Disable kernel memory accounting.
- checkreqprot [SELINUX] Set initial checkreqprot flag value.
+ checkreqprot= [SELINUX] Set initial checkreqprot flag value.
Format: { "0" | "1" }
See security/selinux/Kconfig help text.
0 -- check protection applied by kernel (includes
@@ -1409,7 +1409,7 @@
(in particular on some ATI chipsets).
The kernel tries to set a reasonable default.
- enforcing [SELINUX] Set initial enforcing status.
+ enforcing= [SELINUX] Set initial enforcing status.
Format: {"0" | "1"}
See security/selinux/Kconfig help text.
0 -- permissive (log only, no denials).
next reply other threads:[~2022-03-01 4:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-01 4:14 Randy Dunlap [this message]
2022-03-01 17:34 ` Paul Moore
2022-06-13 19:02 ` Paul Moore
2022-06-13 19:23 ` Jonathan Corbet
2022-06-13 20:12 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220301041454.18960-1-rdunlap@infradead.org \
--to=rdunlap@infradead.org \
--cc=corbet@lwn.net \
--cc=eparis@parisplace.org \
--cc=linux-doc@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--subject='Re: [PATCH] docs: selinux: add '\''='\'' signs to kernel boot options' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.