From: Randy Dunlap <rdunlap@infradead.org>
To: linux-doc@vger.kernel.org
Cc: patches@lists.linux.dev, Randy Dunlap <rdunlap@infradead.org>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>
Subject: [PATCH] docs: selinux: add '=' signs to kernel boot options
Date: Mon, 28 Feb 2022 20:14:54 -0800
Message-ID: <20220301041454.18960-1-rdunlap@infradead.org>

Provide the full kernel boot option string (with ending '=' sign).
They won't work without that and that is how other boot options are
listed.

If used without an '=' sign (as listed here), they cause an "Unknown
parameters" message and are added to init's argument strings,
polluting them.

  Unknown kernel command line parameters "enforcing checkreqprot
    BOOT_IMAGE=/boot/bzImage-517rc6", will be passed to user space.

  Run /sbin/init as init process
    with arguments:
      /sbin/init
      enforcing
      checkreqprot
    with environment:
      HOME=/
      TERM=linux
      BOOT_IMAGE=/boot/bzImage-517rc6

Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: selinux@vger.kernel.org
Cc: Jonathan Corbet <corbet@lwn.net>
---
Documentation/admin-guide/kernel-parameters.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- linux-next-20220228.orig/Documentation/admin-guide/kernel-parameters.txt
+++ linux-next-20220228/Documentation/admin-guide/kernel-parameters.txt
@@ -550,7 +550,7 @@
nosocket -- Disable socket memory accounting.
nokmem -- Disable kernel memory accounting.
- checkreqprot [SELINUX] Set initial checkreqprot flag value.
+ checkreqprot= [SELINUX] Set initial checkreqprot flag value.
Format: { "0" | "1" }
See security/selinux/Kconfig help text.
0 -- check protection applied by kernel (includes
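Review bot: The Format line under the new checkreqprot= entry reads { "0" | "1" } with spaces inside the braces, while the enforcing= entry touched by this same patch reads {"0" | "1"}; since both entries are being edited, consider normalising the brace spacing so the two SELinux entries match. It is also worth confirming that the added '=' does not push [SELINUX] off the tab stop used by the neighbouring entries.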
@@ -1409,7 +1409,7 @@
(in particular on some ATI chipsets).
The kernel tries to set a reasonable default.
- enforcing [SELINUX] Set initial enforcing status.
+ enforcing= [SELINUX] Set initial enforcing status.
Format: {"0" | "1"}
See security/selinux/Kconfig help text.
0 -- permissive (log only, no denials).
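Review bot: The enforcing= entry still refers readers to the security/selinux/Kconfig help text, yet the diffstat shows only kernel-parameters.txt changing; please check whether that help text also names the options in the bare form and, if it does, correct it in the same patch so the two documents agree. Otherwise a reader following the cross-reference can still end up with the "Unknown kernel command line parameters" case quoted in the changelog.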
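A check for the failure described in the changelog, as an added example that is not part of the patch or the kernel tree: it scans a kernel command line for `enforcing` / `checkreqprot` tokens that are bare or fall outside the documented `{"0" | "1"}` format. The function name and the whitespace-only tokenizing are assumptions; tokens after `--` are skipped because the kernel hands those to init by design.

```shell
#!/bin/sh
# Added example, not part of the patch. check_selinux_cmdline is a
# hypothetical helper name.
#
# check_selinux_cmdline CMDLINE
#   Prints one finding per line and returns 1 if any SELinux boot option
#   is bare (no '=') or has a value outside the documented {"0" | "1"};
#   returns 0 when nothing is flagged.
check_selinux_cmdline() {
    findings=0
    set -f                      # no globbing while word-splitting $1
    for tok in $1; do
        case "$tok" in
            --)
                break ;;        # the rest is addressed to init on purpose
            enforcing|checkreqprot)
                echo "bare:$tok"
                findings=1 ;;
            enforcing=[01]|checkreqprot=[01])
                ;;              # documented form, nothing to report
            enforcing=*|checkreqprot=*)
                echo "badvalue:$tok"
                findings=1 ;;
        esac
    done
    set +f
    return "$findings"
}

# Constructed sample: the command line quoted in the changelog above.
# On a live system, pass "$(cat /proc/cmdline)" instead.
SAMPLE='enforcing checkreqprot BOOT_IMAGE=/boot/bzImage-517rc6'
check_selinux_cmdline "$SAMPLE" || echo "SELinux boot options need fixing"
```

A bare token is the case that matters most for hardening reviews: the kernel ignores it, so the system boots with the Kconfig default rather than the setting the administrator believed was applied.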