diff options
| author | Stephen D. Smalley <sds@tycho.nsa.gov> | 2005-03-09 16:28:44 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-03-09 16:28:44 -0800 |
| commit | 78b96d12feb4384b623d4e31876d909983978ebf (patch) | |
| tree | c548cc8994da455e40488271048f3d6fb6583cd4 | |
| parent | 65e05719ebd5107c82b40f8d2f2dba0964cac61f (diff) | |
[PATCH] SELinux: document boot options
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| -rw-r--r-- | Documentation/kernel-parameters.txt | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 83cbec37f34e..8d5f5adce5a1 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -67,6 +67,7 @@ restrictions referred to are that the relevant option is valid if: SCSI Appropriate SCSI support is enabled. A lot of drivers has their options described inside of Documentation/scsi/. + SELINUX SELinux support is enabled. SERIAL Serial support is enabled. SMP The kernel is an SMP kernel. SPARC Sparc architecture is enabled. @@ -295,6 +296,14 @@ running once the system is up. See header of drivers/cdrom/cdu31a.c. chandev= [HW,NET] Generic channel device initialisation + + checkreqprot [SELINUX] Set initial checkreqprot flag value. + Format: { "0" | "1" } + See security/selinux/Kconfig help text. + 0 -- check protection applied by kernel (includes any implied execute protection). + 1 -- check protection requested by application. + Default value is set via a kernel config option. + Value can be changed at runtime via /selinux/checkreqprot. clock= [BUGS=IA-32, HW] gettimeofday timesource override. Forces specified timesource (if avaliable) to be used @@ -435,6 +444,14 @@ running once the system is up. See Documentation/block/as-iosched.txt and Documentation/block/deadline-iosched.txt for details. + enforcing [SELINUX] Set initial enforcing status. + Format: {"0" | "1"} + See security/selinux/Kconfig help text. + 0 -- permissive (log only, no denials). + 1 -- enforcing (deny and log). + Default value is 0. + Value can be changed at runtime via /selinux/enforce. + es1370= [HW,OSS] Format: <lineout>[,<micbias>] See also header of sound/oss/es1370.c. @@ -1160,6 +1177,15 @@ running once the system is up. scsi_logging= [SCSI] + selinux [SELINUX] Disable or enable SELinux at boot time. + Format: { "0" | "1" } + See security/selinux/Kconfig help text. + 0 -- disable. + 1 -- enable. + Default value is set via kernel config option. + If enabled at boot time, /selinux/disable can be used + later to disable prior to initial policy load. + serialnumber [BUGS=IA-32] sf16fm= [HW] SF16FMI radio driver for Linux |