Commit d41415eb authored by Stephen Smalley, committed by Paul Moore

Documentation,selinux: fix references to old selinuxfs mount point



selinuxfs was originally mounted on /selinux, and various docs and
kconfig help texts referred to nodes under it.  In Linux 3.0,
/sys/fs/selinux was introduced as the preferred mount point for selinuxfs.
Fix all the old references to /selinux/ to /sys/fs/selinux/.
While we are there, update the description of the selinux boot parameter
to reflect the fact that the default value is always 1 since
commit be6ec88f ("selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE")
and drop discussion of runtime disable since it is deprecated.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 89b223bf
+4 −5
@@ -511,7 +511,7 @@
			1 -- check protection requested by application.
			1 -- check protection requested by application.
			Default value is set via a kernel config option.
			Default value is set via a kernel config option.
			Value can be changed at runtime via
			Value can be changed at runtime via
				/selinux/checkreqprot.
				/sys/fs/selinux/checkreqprot.


	cio_ignore=	[S390]
	cio_ignore=	[S390]
			See Documentation/s390/common_io.rst for details.
			See Documentation/s390/common_io.rst for details.
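Review bot: the new checkreqprot line says the value can be changed at runtime via /sys/fs/selinux/checkreqprot, but it lacks the policy qualifier that the matching Kconfig help text in this same commit carries ("if authorized by policy"). Since the line is being touched anyway, consider adding that qualifier here so a reader of the boot-parameter documentation alone does not assume the write always succeeds.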
@@ -1245,7 +1245,8 @@
			0 -- permissive (log only, no denials).
			0 -- permissive (log only, no denials).
			1 -- enforcing (deny and log).
			1 -- enforcing (deny and log).
			Default value is 0.
			Default value is 0.
			Value can be changed at runtime via /selinux/enforce.
			Value can be changed at runtime via
			/sys/fs/selinux/enforce.


	erst_disable	[ACPI]
	erst_disable	[ACPI]
			Disable Error Record Serialization Table (ERST)
			Disable Error Record Serialization Table (ERST)
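Review bot: the wrapped path in the enforcing= entry sits at the same indent as the sentence it continues ("/sys/fs/selinux/enforce." directly under "Value can be changed at runtime via"), while the checkreqprot= entry earlier in this file indents its continuation path by one extra tab. Use one style for both entries; matching the existing checkreqprot= layout keeps the file consistent.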
@@ -4348,9 +4349,7 @@
			See security/selinux/Kconfig help text.
			See security/selinux/Kconfig help text.
			0 -- disable.
			0 -- disable.
			1 -- enable.
			1 -- enable.
			Default value is set via kernel config option.
			Default value is 1.
			If enabled at boot time, /selinux/disable can be used
			later to disable prior to initial policy load.


	apparmor=	[APPARMOR] Disable or enable AppArmor at boot time
	apparmor=	[APPARMOR] Disable or enable AppArmor at boot time
			Format: { "0" | "1" }
			Format: { "0" | "1" }
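Review bot: in the selinux= entry the retained line "See security/selinux/Kconfig help text." now sits above a default that is stated as a fixed 1 rather than taken from a config option. Check that the Kconfig help still has text describing this boot parameter, and drop or reword the pointer if it does not. Removing the /selinux/disable sentence also leaves no mention of runtime disable at all; a one-line statement that it is deprecated would serve readers who still find the node on an older system.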
+4 −3
@@ -58,7 +58,8 @@ config SECURITY_SELINUX_DEVELOP
	  kernel will start in permissive mode (log everything, deny nothing)
	  kernel will start in permissive mode (log everything, deny nothing)
	  unless you specify enforcing=1 on the kernel command line.  You
	  unless you specify enforcing=1 on the kernel command line.  You
	  can interactively toggle the kernel between enforcing mode and
	  can interactively toggle the kernel between enforcing mode and
	  permissive mode (if permitted by the policy) via /selinux/enforce.
	  permissive mode (if permitted by the policy) via
	  /sys/fs/selinux/enforce.


config SECURITY_SELINUX_AVC_STATS
config SECURITY_SELINUX_AVC_STATS
	bool "NSA SELinux AVC Statistics"
	bool "NSA SELinux AVC Statistics"
@@ -66,7 +67,7 @@ config SECURITY_SELINUX_AVC_STATS
	default y
	default y
	help
	help
	  This option collects access vector cache statistics to
	  This option collects access vector cache statistics to
	  /selinux/avc/cache_stats, which may be monitored via
	  /sys/fs/selinux/avc/cache_stats, which may be monitored via
	  tools such as avcstat.
	  tools such as avcstat.


config SECURITY_SELINUX_CHECKREQPROT_VALUE
config SECURITY_SELINUX_CHECKREQPROT_VALUE
@@ -85,7 +86,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
	  default to checking the protection requested by the application.
	  default to checking the protection requested by the application.
	  The checkreqprot flag may be changed from the default via the
	  The checkreqprot flag may be changed from the default via the
	  'checkreqprot=' boot parameter.  It may also be changed at runtime
	  'checkreqprot=' boot parameter.  It may also be changed at runtime
	  via /selinux/checkreqprot if authorized by policy.
	  via /sys/fs/selinux/checkreqprot if authorized by policy.


	  If you are unsure how to answer this question, answer 0.
	  If you are unsure how to answer this question, answer 0.