* [PATCH] docs: selinux: add '=' signs to kernel boot options
@ 2022-03-01 4:14 Randy Dunlap
2022-03-01 17:34 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: Randy Dunlap @ 2022-03-01 4:14 UTC (permalink / raw)
To: linux-doc
Cc: patches, Randy Dunlap, Paul Moore, Stephen Smalley, Eric Paris,
selinux, Jonathan Corbet
Provide the full kernel boot option string (with ending '=' sign).
They won't work without that and that is how other boot options are
listed.
If used without an '=' sign (as listed here), they cause an "Unknown
parameters" message and are added to init's argument strings,
polluting them.
Unknown kernel command line parameters "enforcing checkreqprot
BOOT_IMAGE=/boot/bzImage-517rc6", will be passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
enforcing
checkreqprot
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc6
Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: selinux@vger.kernel.org
Cc: Jonathan Corbet <corbet@lwn.net>
---
Documentation/admin-guide/kernel-parameters.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- linux-next-20220228.orig/Documentation/admin-guide/kernel-parameters.txt
+++ linux-next-20220228/Documentation/admin-guide/kernel-parameters.txt
@@ -550,7 +550,7 @@
nosocket -- Disable socket memory accounting.
nokmem -- Disable kernel memory accounting.
- checkreqprot [SELINUX] Set initial checkreqprot flag value.
+ checkreqprot= [SELINUX] Set initial checkreqprot flag value.
Format: { "0" | "1" }
See security/selinux/Kconfig help text.
0 -- check protection applied by kernel (includes
@@ -1409,7 +1409,7 @@
(in particular on some ATI chipsets).
The kernel tries to set a reasonable default.
- enforcing [SELINUX] Set initial enforcing status.
+ enforcing= [SELINUX] Set initial enforcing status.
Format: {"0" | "1"}
See security/selinux/Kconfig help text.
0 -- permissive (log only, no denials).
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] docs: selinux: add '=' signs to kernel boot options
2022-03-01 4:14 [PATCH] docs: selinux: add '=' signs to kernel boot options Randy Dunlap
@ 2022-03-01 17:34 ` Paul Moore
2022-06-13 19:02 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: Paul Moore @ 2022-03-01 17:34 UTC (permalink / raw)
To: Randy Dunlap
Cc: linux-doc, patches, Stephen Smalley, Eric Paris, selinux,
Jonathan Corbet
On Mon, Feb 28, 2022 at 11:14 PM Randy Dunlap <rdunlap@infradead.org> wrote:
>
> Provide the full kernel boot option string (with ending '=' sign).
> They won't work without that and that is how other boot options are
> listed.
>
> If used without an '=' sign (as listed here), they cause an "Unknown
> parameters" message and are added to init's argument strings,
> polluting them.
>
> Unknown kernel command line parameters "enforcing checkreqprot
> BOOT_IMAGE=/boot/bzImage-517rc6", will be passed to user space.
>
> Run /sbin/init as init process
> with arguments:
> /sbin/init
> enforcing
> checkreqprot
> with environment:
> HOME=/
> TERM=linux
> BOOT_IMAGE=/boot/bzImage-517rc6
>
> Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
> Cc: Eric Paris <eparis@parisplace.org>
> Cc: selinux@vger.kernel.org
> Cc: Jonathan Corbet <corbet@lwn.net>
> ---
> Documentation/admin-guide/kernel-parameters.txt | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Thanks Randy.
Acked-by: Paul Moore <paul@paul-moore.com>
> --- linux-next-20220228.orig/Documentation/admin-guide/kernel-parameters.txt
> +++ linux-next-20220228/Documentation/admin-guide/kernel-parameters.txt
> @@ -550,7 +550,7 @@
> nosocket -- Disable socket memory accounting.
> nokmem -- Disable kernel memory accounting.
>
> - checkreqprot [SELINUX] Set initial checkreqprot flag value.
> + checkreqprot= [SELINUX] Set initial checkreqprot flag value.
> Format: { "0" | "1" }
> See security/selinux/Kconfig help text.
> 0 -- check protection applied by kernel (includes
> @@ -1409,7 +1409,7 @@
> (in particular on some ATI chipsets).
> The kernel tries to set a reasonable default.
>
> - enforcing [SELINUX] Set initial enforcing status.
> + enforcing= [SELINUX] Set initial enforcing status.
> Format: {"0" | "1"}
> See security/selinux/Kconfig help text.
> 0 -- permissive (log only, no denials).
--
paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] docs: selinux: add '=' signs to kernel boot options
2022-03-01 17:34 ` Paul Moore
@ 2022-06-13 19:02 ` Paul Moore
2022-06-13 19:23 ` Jonathan Corbet
0 siblings, 1 reply; 5+ messages in thread
From: Paul Moore @ 2022-06-13 19:02 UTC (permalink / raw)
To: Randy Dunlap
Cc: linux-doc, patches, Stephen Smalley, Eric Paris, selinux,
Jonathan Corbet
On Tue, Mar 1, 2022 at 12:34 PM Paul Moore <paul@paul-moore.com> wrote:
> On Mon, Feb 28, 2022 at 11:14 PM Randy Dunlap <rdunlap@infradead.org> wrote:
> >
> > Provide the full kernel boot option string (with ending '=' sign).
> > They won't work without that and that is how other boot options are
> > listed.
> >
> > If used without an '=' sign (as listed here), they cause an "Unknown
> > parameters" message and are added to init's argument strings,
> > polluting them.
> >
> > Unknown kernel command line parameters "enforcing checkreqprot
> > BOOT_IMAGE=/boot/bzImage-517rc6", will be passed to user space.
> >
> > Run /sbin/init as init process
> > with arguments:
> > /sbin/init
> > enforcing
> > checkreqprot
> > with environment:
> > HOME=/
> > TERM=linux
> > BOOT_IMAGE=/boot/bzImage-517rc6
> >
> > Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
> > Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
> > Cc: Paul Moore <paul@paul-moore.com>
> > Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
> > Cc: Eric Paris <eparis@parisplace.org>
> > Cc: selinux@vger.kernel.org
> > Cc: Jonathan Corbet <corbet@lwn.net>
> > ---
> > Documentation/admin-guide/kernel-parameters.txt | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Thanks Randy.
>
> Acked-by: Paul Moore <paul@paul-moore.com>
I assumed the doc folks would have picked this up but I don't see it
in the tree so I'm going to pull it into the selinux/next tree right
now. Thanks again Randy, I'm sorry for the delay.
--
paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] docs: selinux: add '=' signs to kernel boot options
2022-06-13 19:02 ` Paul Moore
@ 2022-06-13 19:23 ` Jonathan Corbet
2022-06-13 20:12 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: Jonathan Corbet @ 2022-06-13 19:23 UTC (permalink / raw)
To: Paul Moore, Randy Dunlap
Cc: linux-doc, patches, Stephen Smalley, Eric Paris, selinux
Paul Moore <paul@paul-moore.com> writes:
> I assumed the doc folks would have picked this up but I don't see it
> in the tree so I'm going to pull it into the selinux/next tree right
> now. Thanks again Randy, I'm sorry for the delay.
Sorry, the "doc folks" have learned that, in general, folks in the
security subsystems prefer to carry their own patches upward, so I
assumed this one was taken care of. If you'd rather I picked up SELinux
documentation patches, I'd be glad to do so.
Thanks,
jon
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] docs: selinux: add '=' signs to kernel boot options
2022-06-13 19:23 ` Jonathan Corbet
@ 2022-06-13 20:12 ` Paul Moore
0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2022-06-13 20:12 UTC (permalink / raw)
To: Jonathan Corbet
Cc: Randy Dunlap, linux-doc, patches, Stephen Smalley, Eric Paris, selinux
On Mon, Jun 13, 2022 at 3:23 PM Jonathan Corbet <corbet@lwn.net> wrote:
> Paul Moore <paul@paul-moore.com> writes:
>
> > I assumed the doc folks would have picked this up but I don't see it
> > in the tree so I'm going to pull it into the selinux/next tree right
> > now. Thanks again Randy, I'm sorry for the delay.
>
> Sorry, the "doc folks" have learned that, in general, folks in the
> security subsystems prefer to carry their own patches upward, so I
> assumed this one was taken care of. If you'd rather I picked up SELinux
> documentation patches, I'd be glad to do so.
Hi Jon,
I don't care much either way, as long as Linus' tree is correct I'm
happy. In this particular case there were no changes under
security/selinux so I assumed that the "doc folks" would merge it; I
have similar assumptions regarding other subsystems when it comes to
SELinux adjacent patches. However, we all know the old joke about
making assumptions, so I generally keep tracking those patches for a
while and apply them myself if the other subsystems do not.
Generally speaking, if I add an Acked-by for a patch I'm not expecting
to merge that patch (hence the ACK to let the other maintainer know
I'm okay with the patch). Otherwise I'll merge the patch and send a
reply to the thread that it has been merged into the relevant SELinux
branch.
--
paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-06-13 20:12 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-01 4:14 [PATCH] docs: selinux: add '=' signs to kernel boot options Randy Dunlap
2022-03-01 17:34 ` Paul Moore
2022-06-13 19:02 ` Paul Moore
2022-06-13 19:23 ` Jonathan Corbet
2022-06-13 20:12 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.