From: Paul Moore <paul@paul-moore.com>
To: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-doc@vger.kernel.org, patches@lists.linux.dev,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH] docs: selinux: add '=' signs to kernel boot options
Date: Tue, 1 Mar 2022 12:34:31 -0500 [thread overview]
Message-ID: <CAHC9VhSuzpuEm437SCYC8pf0mU6qdWXRU38sb2+JjVtj-8T4Kw@mail.gmail.com> (raw)
In-Reply-To: <20220301041454.18960-1-rdunlap@infradead.org>
On Mon, Feb 28, 2022 at 11:14 PM Randy Dunlap <rdunlap@infradead.org> wrote:
>
> Provide the full kernel boot option string (with ending '=' sign).
> They won't work without that and that is how other boot options are
> listed.
>
> If used without an '=' sign (as listed here), they cause an "Unknown
> parameters" message and are added to init's argument strings,
> polluting them.
>
> Unknown kernel command line parameters "enforcing checkreqprot
> BOOT_IMAGE=/boot/bzImage-517rc6", will be passed to user space.
>
> Run /sbin/init as init process
> with arguments:
> /sbin/init
> enforcing
> checkreqprot
> with environment:
> HOME=/
> TERM=linux
> BOOT_IMAGE=/boot/bzImage-517rc6
>
> Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
> Cc: Eric Paris <eparis@parisplace.org>
> Cc: selinux@vger.kernel.org
> Cc: Jonathan Corbet <corbet@lwn.net>
> ---
> Documentation/admin-guide/kernel-parameters.txt | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Thanks Randy.
Acked-by: Paul Moore <paul@paul-moore.com>
> --- linux-next-20220228.orig/Documentation/admin-guide/kernel-parameters.txt
> +++ linux-next-20220228/Documentation/admin-guide/kernel-parameters.txt
> @@ -550,7 +550,7 @@
> nosocket -- Disable socket memory accounting.
> nokmem -- Disable kernel memory accounting.
>
> - checkreqprot [SELINUX] Set initial checkreqprot flag value.
> + checkreqprot= [SELINUX] Set initial checkreqprot flag value.
> Format: { "0" | "1" }
> See security/selinux/Kconfig help text.
> 0 -- check protection applied by kernel (includes
> @@ -1409,7 +1409,7 @@
> (in particular on some ATI chipsets).
> The kernel tries to set a reasonable default.
>
> - enforcing [SELINUX] Set initial enforcing status.
> + enforcing= [SELINUX] Set initial enforcing status.
> Format: {"0" | "1"}
> See security/selinux/Kconfig help text.
> 0 -- permissive (log only, no denials).
--
paul-moore.com
next prev parent reply other threads:[~2022-03-01 17:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-01 4:14 [PATCH] docs: selinux: add '=' signs to kernel boot options Randy Dunlap
2022-03-01 17:34 ` Paul Moore [this message]
2022-06-13 19:02 ` Paul Moore
2022-06-13 19:23 ` Jonathan Corbet
2022-06-13 20:12 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhSuzpuEm437SCYC8pf0mU6qdWXRU38sb2+JjVtj-8T4Kw@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=corbet@lwn.net \
--cc=eparis@parisplace.org \
--cc=linux-doc@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=rdunlap@infradead.org \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.