diff options
23 files changed, 43 insertions, 27 deletions
diff --git a/Documentation/00-INDEX b/Documentation/00-INDEX index 1b777b960492..1f89424c36a6 100644 --- a/Documentation/00-INDEX +++ b/Documentation/00-INDEX | |||
@@ -192,10 +192,6 @@ kernel-docs.txt | |||
192 | - listing of various WWW + books that document kernel internals. | 192 | - listing of various WWW + books that document kernel internals. |
193 | kernel-parameters.txt | 193 | kernel-parameters.txt |
194 | - summary listing of command line / boot prompt args for the kernel. | 194 | - summary listing of command line / boot prompt args for the kernel. |
195 | keys-request-key.txt | ||
196 | - description of the kernel key request service. | ||
197 | keys.txt | ||
198 | - description of the kernel key retention service. | ||
199 | kobject.txt | 195 | kobject.txt |
200 | - info of the kobject infrastructure of the Linux kernel. | 196 | - info of the kobject infrastructure of the Linux kernel. |
201 | kprobes.txt | 197 | kprobes.txt |
@@ -294,6 +290,8 @@ scheduler/ | |||
294 | - directory with info on the scheduler. | 290 | - directory with info on the scheduler. |
295 | scsi/ | 291 | scsi/ |
296 | - directory with info on Linux scsi support. | 292 | - directory with info on Linux scsi support. |
293 | security/ | ||
294 | - directory that contains security-related info | ||
297 | serial/ | 295 | serial/ |
298 | - directory with info on the low level serial API. | 296 | - directory with info on the low level serial API. |
299 | serial-console.txt | 297 | serial-console.txt |
diff --git a/Documentation/filesystems/nfs/idmapper.txt b/Documentation/filesystems/nfs/idmapper.txt index b9b4192ea8b5..9c8fd6148656 100644 --- a/Documentation/filesystems/nfs/idmapper.txt +++ b/Documentation/filesystems/nfs/idmapper.txt | |||
@@ -47,8 +47,8 @@ request-key will find the first matching line and corresponding program. In | |||
47 | this case, /some/other/program will handle all uid lookups and | 47 | this case, /some/other/program will handle all uid lookups and |
48 | /usr/sbin/nfs.idmap will handle gid, user, and group lookups. | 48 | /usr/sbin/nfs.idmap will handle gid, user, and group lookups. |
49 | 49 | ||
50 | See <file:Documentation/keys-request-keys.txt> for more information about the | 50 | See <file:Documentation/security/keys-request-keys.txt> for more information |
51 | request-key function. | 51 | about the request-key function. |
52 | 52 | ||
53 | 53 | ||
54 | ========= | 54 | ========= |
diff --git a/Documentation/networking/dns_resolver.txt b/Documentation/networking/dns_resolver.txt index 04ca06325b08..7f531ad83285 100644 --- a/Documentation/networking/dns_resolver.txt +++ b/Documentation/networking/dns_resolver.txt | |||
@@ -139,8 +139,8 @@ the key will be discarded and recreated when the data it holds has expired. | |||
139 | dns_query() returns a copy of the value attached to the key, or an error if | 139 | dns_query() returns a copy of the value attached to the key, or an error if |
140 | that is indicated instead. | 140 | that is indicated instead. |
141 | 141 | ||
142 | See <file:Documentation/keys-request-key.txt> for further information about | 142 | See <file:Documentation/security/keys-request-key.txt> for further |
143 | request-key function. | 143 | information about request-key function. |
144 | 144 | ||
145 | 145 | ||
146 | ========= | 146 | ========= |
diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX new file mode 100644 index 000000000000..19bc49439cac --- /dev/null +++ b/Documentation/security/00-INDEX | |||
@@ -0,0 +1,18 @@ | |||
1 | 00-INDEX | ||
2 | - this file. | ||
3 | SELinux.txt | ||
4 | - how to get started with the SELinux security enhancement. | ||
5 | Smack.txt | ||
6 | - documentation on the Smack Linux Security Module. | ||
7 | apparmor.txt | ||
8 | - documentation on the AppArmor security extension. | ||
9 | credentials.txt | ||
10 | - documentation about credentials in Linux. | ||
11 | keys-request-key.txt | ||
12 | - description of the kernel key request service. | ||
13 | keys-trusted-encrypted.txt | ||
14 | - info on the Trusted and Encrypted keys in the kernel key ring service. | ||
15 | keys.txt | ||
16 | - description of the kernel key retention service. | ||
17 | tomoyo.txt | ||
18 | - documentation on the TOMOYO Linux Security Module. | ||
diff --git a/Documentation/SELinux.txt b/Documentation/security/SELinux.txt index 07eae00f3314..07eae00f3314 100644 --- a/Documentation/SELinux.txt +++ b/Documentation/security/SELinux.txt | |||
diff --git a/Documentation/Smack.txt b/Documentation/security/Smack.txt index e9dab41c0fe0..e9dab41c0fe0 100644 --- a/Documentation/Smack.txt +++ b/Documentation/security/Smack.txt | |||
diff --git a/Documentation/apparmor.txt b/Documentation/security/apparmor.txt index 93c1fd7d0635..93c1fd7d0635 100644 --- a/Documentation/apparmor.txt +++ b/Documentation/security/apparmor.txt | |||
diff --git a/Documentation/credentials.txt b/Documentation/security/credentials.txt index 995baf379c07..fc0366cbd7ce 100644 --- a/Documentation/credentials.txt +++ b/Documentation/security/credentials.txt | |||
@@ -216,7 +216,7 @@ The Linux kernel supports the following types of credentials: | |||
216 | When a process accesses a key, if not already present, it will normally be | 216 | When a process accesses a key, if not already present, it will normally be |
217 | cached on one of these keyrings for future accesses to find. | 217 | cached on one of these keyrings for future accesses to find. |
218 | 218 | ||
219 | For more information on using keys, see Documentation/keys.txt. | 219 | For more information on using keys, see Documentation/security/keys.txt. |
220 | 220 | ||
221 | (5) LSM | 221 | (5) LSM |
222 | 222 | ||
diff --git a/Documentation/keys-request-key.txt b/Documentation/security/keys-request-key.txt index 69686ad12c66..51987bfecfed 100644 --- a/Documentation/keys-request-key.txt +++ b/Documentation/security/keys-request-key.txt | |||
@@ -3,8 +3,8 @@ | |||
3 | =================== | 3 | =================== |
4 | 4 | ||
5 | The key request service is part of the key retention service (refer to | 5 | The key request service is part of the key retention service (refer to |
6 | Documentation/keys.txt). This document explains more fully how the requesting | 6 | Documentation/security/keys.txt). This document explains more fully how |
7 | algorithm works. | 7 | the requesting algorithm works. |
8 | 8 | ||
9 | The process starts by either the kernel requesting a service by calling | 9 | The process starts by either the kernel requesting a service by calling |
10 | request_key*(): | 10 | request_key*(): |
diff --git a/Documentation/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt index 8fb79bc1ac4b..8fb79bc1ac4b 100644 --- a/Documentation/keys-trusted-encrypted.txt +++ b/Documentation/security/keys-trusted-encrypted.txt | |||
diff --git a/Documentation/keys.txt b/Documentation/security/keys.txt index 6523a9e6f293..4d75931d2d79 100644 --- a/Documentation/keys.txt +++ b/Documentation/security/keys.txt | |||
@@ -434,7 +434,7 @@ The main syscalls are: | |||
434 | /sbin/request-key will be invoked in an attempt to obtain a key. The | 434 | /sbin/request-key will be invoked in an attempt to obtain a key. The |
435 | callout_info string will be passed as an argument to the program. | 435 | callout_info string will be passed as an argument to the program. |
436 | 436 | ||
437 | See also Documentation/keys-request-key.txt. | 437 | See also Documentation/security/keys-request-key.txt. |
438 | 438 | ||
439 | 439 | ||
440 | The keyctl syscall functions are: | 440 | The keyctl syscall functions are: |
@@ -864,7 +864,7 @@ payload contents" for more information. | |||
864 | If successful, the key will have been attached to the default keyring for | 864 | If successful, the key will have been attached to the default keyring for |
865 | implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING. | 865 | implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING. |
866 | 866 | ||
867 | See also Documentation/keys-request-key.txt. | 867 | See also Documentation/security/keys-request-key.txt. |
868 | 868 | ||
869 | 869 | ||
870 | (*) To search for a key, passing auxiliary data to the upcaller, call: | 870 | (*) To search for a key, passing auxiliary data to the upcaller, call: |
diff --git a/Documentation/tomoyo.txt b/Documentation/security/tomoyo.txt index 200a2d37cbc8..200a2d37cbc8 100644 --- a/Documentation/tomoyo.txt +++ b/Documentation/security/tomoyo.txt | |||
diff --git a/MAINTAINERS b/MAINTAINERS index 572b5b20ba48..a6562ba1dc35 100644 --- a/MAINTAINERS +++ b/MAINTAINERS | |||
@@ -3726,7 +3726,7 @@ KEYS/KEYRINGS: | |||
3726 | M: David Howells <dhowells@redhat.com> | 3726 | M: David Howells <dhowells@redhat.com> |
3727 | L: keyrings@linux-nfs.org | 3727 | L: keyrings@linux-nfs.org |
3728 | S: Maintained | 3728 | S: Maintained |
3729 | F: Documentation/keys.txt | 3729 | F: Documentation/security/keys.txt |
3730 | F: include/linux/key.h | 3730 | F: include/linux/key.h |
3731 | F: include/linux/key-type.h | 3731 | F: include/linux/key-type.h |
3732 | F: include/keys/ | 3732 | F: include/keys/ |
@@ -3738,7 +3738,7 @@ M: Mimi Zohar <zohar@us.ibm.com> | |||
3738 | L: linux-security-module@vger.kernel.org | 3738 | L: linux-security-module@vger.kernel.org |
3739 | L: keyrings@linux-nfs.org | 3739 | L: keyrings@linux-nfs.org |
3740 | S: Supported | 3740 | S: Supported |
3741 | F: Documentation/keys-trusted-encrypted.txt | 3741 | F: Documentation/security/keys-trusted-encrypted.txt |
3742 | F: include/keys/trusted-type.h | 3742 | F: include/keys/trusted-type.h |
3743 | F: security/keys/trusted.c | 3743 | F: security/keys/trusted.c |
3744 | F: security/keys/trusted.h | 3744 | F: security/keys/trusted.h |
@@ -3749,7 +3749,7 @@ M: David Safford <safford@watson.ibm.com> | |||
3749 | L: linux-security-module@vger.kernel.org | 3749 | L: linux-security-module@vger.kernel.org |
3750 | L: keyrings@linux-nfs.org | 3750 | L: keyrings@linux-nfs.org |
3751 | S: Supported | 3751 | S: Supported |
3752 | F: Documentation/keys-trusted-encrypted.txt | 3752 | F: Documentation/security/keys-trusted-encrypted.txt |
3753 | F: include/keys/encrypted-type.h | 3753 | F: include/keys/encrypted-type.h |
3754 | F: security/keys/encrypted.c | 3754 | F: security/keys/encrypted.c |
3755 | F: security/keys/encrypted.h | 3755 | F: security/keys/encrypted.h |
diff --git a/include/linux/cred.h b/include/linux/cred.h index be16b61283cc..82607992f308 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* Credentials management - see Documentation/credentials.txt | 1 | /* Credentials management - see Documentation/security/credentials.txt |
2 | * | 2 | * |
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
diff --git a/include/linux/key.h b/include/linux/key.h index ef19b99aff98..6ea4eebd3467 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
@@ -9,7 +9,7 @@ | |||
9 | * 2 of the License, or (at your option) any later version. | 9 | * 2 of the License, or (at your option) any later version. |
10 | * | 10 | * |
11 | * | 11 | * |
12 | * See Documentation/keys.txt for information on keys/keyrings. | 12 | * See Documentation/security/keys.txt for information on keys/keyrings. |
13 | */ | 13 | */ |
14 | 14 | ||
15 | #ifndef _LINUX_KEY_H | 15 | #ifndef _LINUX_KEY_H |
diff --git a/kernel/cred.c b/kernel/cred.c index e12c8af793f8..174fa84eca30 100644 --- a/kernel/cred.c +++ b/kernel/cred.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* Task credentials management - see Documentation/credentials.txt | 1 | /* Task credentials management - see Documentation/security/credentials.txt |
2 | * | 2 | * |
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
diff --git a/scripts/selinux/README b/scripts/selinux/README index a936315ba2c8..4d020ecb7524 100644 --- a/scripts/selinux/README +++ b/scripts/selinux/README | |||
@@ -1,2 +1,2 @@ | |||
1 | Please see Documentation/SELinux.txt for information on | 1 | Please see Documentation/security/SELinux.txt for information on |
2 | installing a dummy SELinux policy. | 2 | installing a dummy SELinux policy. |
diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 06d764ccbbe5..94de6b4907c8 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c | |||
@@ -194,7 +194,7 @@ void aa_dfa_free_kref(struct kref *kref) | |||
194 | * @flags: flags controlling what type of accept tables are acceptable | 194 | * @flags: flags controlling what type of accept tables are acceptable |
195 | * | 195 | * |
196 | * Unpack a dfa that has been serialized. To find information on the dfa | 196 | * Unpack a dfa that has been serialized. To find information on the dfa |
197 | * format look in Documentation/apparmor.txt | 197 | * format look in Documentation/security/apparmor.txt |
198 | * Assumes the dfa @blob stream has been aligned on a 8 byte boundary | 198 | * Assumes the dfa @blob stream has been aligned on a 8 byte boundary |
199 | * | 199 | * |
200 | * Returns: an unpacked dfa ready for matching or ERR_PTR on failure | 200 | * Returns: an unpacked dfa ready for matching or ERR_PTR on failure |
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index e33aaf7e5744..d6d9a57b5652 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c | |||
@@ -12,8 +12,8 @@ | |||
12 | * published by the Free Software Foundation, version 2 of the | 12 | * published by the Free Software Foundation, version 2 of the |
13 | * License. | 13 | * License. |
14 | * | 14 | * |
15 | * AppArmor uses a serialized binary format for loading policy. | 15 | * AppArmor uses a serialized binary format for loading policy. To find |
16 | * To find policy format documentation look in Documentation/apparmor.txt | 16 | * policy format documentation look in Documentation/security/apparmor.txt |
17 | * All policy is validated before it is used. | 17 | * All policy is validated before it is used. |
18 | */ | 18 | */ |
19 | 19 | ||
diff --git a/security/keys/encrypted.c b/security/keys/encrypted.c index 69907a58a683..b1cba5bf0a5e 100644 --- a/security/keys/encrypted.c +++ b/security/keys/encrypted.c | |||
@@ -8,7 +8,7 @@ | |||
8 | * it under the terms of the GNU General Public License as published by | 8 | * it under the terms of the GNU General Public License as published by |
9 | * the Free Software Foundation, version 2 of the License. | 9 | * the Free Software Foundation, version 2 of the License. |
10 | * | 10 | * |
11 | * See Documentation/keys-trusted-encrypted.txt | 11 | * See Documentation/security/keys-trusted-encrypted.txt |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/uaccess.h> | 14 | #include <linux/uaccess.h> |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index b18a71745901..d31862e0aa1c 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -8,7 +8,7 @@ | |||
8 | * as published by the Free Software Foundation; either version | 8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. | 9 | * 2 of the License, or (at your option) any later version. |
10 | * | 10 | * |
11 | * See Documentation/keys-request-key.txt | 11 | * See Documentation/security/keys-request-key.txt |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/module.h> | 14 | #include <linux/module.h> |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index f6337c9082eb..6cff37529b80 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
@@ -8,7 +8,7 @@ | |||
8 | * as published by the Free Software Foundation; either version | 8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. | 9 | * 2 of the License, or (at your option) any later version. |
10 | * | 10 | * |
11 | * See Documentation/keys-request-key.txt | 11 | * See Documentation/security/keys-request-key.txt |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/module.h> | 14 | #include <linux/module.h> |
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index c99b9368368c..0c33e2ea1f3c 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c | |||
@@ -8,7 +8,7 @@ | |||
8 | * it under the terms of the GNU General Public License as published by | 8 | * it under the terms of the GNU General Public License as published by |
9 | * the Free Software Foundation, version 2 of the License. | 9 | * the Free Software Foundation, version 2 of the License. |
10 | * | 10 | * |
11 | * See Documentation/keys-trusted-encrypted.txt | 11 | * See Documentation/security/keys-trusted-encrypted.txt |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/uaccess.h> | 14 | #include <linux/uaccess.h> |