config SECURITY_LOADPIN bool "Pin load of kernel files (modules, fw, etc) to one filesystem" depends on SECURITY && BLOCK help Any files read through the kernel file reading interface (kernel modules, firmware, kexec images, security policy) can be pinned to the first filesystem used for loading. When enabled, any files that come from other filesystems will be rejected. This is best used on systems without an initrd that have a root filesystem backed by a read-only device such as dm-verity or a CDROM. config SECURITY_LOADPIN_ENABLED bool "Enforce LoadPin at boot" depends on SECURITY_LOADPIN help If selected, LoadPin will enforce pinning at boot. If not selected, it can be enabled at boot with the kernel parameter "loadpin.enabled=1". > index : net-next.git
net-next plumbingsTobias Klauser
summaryrefslogtreecommitdiff
path: root/net/decnet
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-01-05 23:06:06 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-01-05 23:06:06 -0800
commit6989606a7224a2d5a925df22a49e4f7a0bfed0d6 (patch)
tree2fb686a4dea9a7f4beec97fde510f2840c8e06f9 /net/decnet
parented40875dd4b4c7b5c991db9e06c984180ab0b3ce (diff)
parentbe29d20f3f5db1f0b4e49a4f6eeedf840e2bf9b1 (diff)
Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit
Pull audit fixes from Paul Moore: "Two small fixes relating to audit's use of fsnotify. The first patch plugs a leak and the second fixes some lock shenanigans. The patches are small and I banged on this for an afternoon with our testsuite and didn't see anything odd" * 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit: audit: Fix sleep in atomic fsnotify: Remove fsnotify_duplicate_mark()
Diffstat (limited to 'net/decnet')