| Kees Cook | 504f231 | 2017-05-13 04:51:43 -0700 | [diff] [blame] | 1 | ================================= |
| 2 | Linux Security Module Development |
| 3 | ================================= |
| 4 | |
| Joe Perches | 05a5f51 | 2021-01-10 12:41:44 -0800 | [diff] [blame] | 5 | Based on https://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.org, |
| Kees Cook | 504f231 | 2017-05-13 04:51:43 -0700 | [diff] [blame] | 6 | a new LSM is accepted into the kernel when its intent (a description of |
| 7 | what it tries to protect against and in what cases one would expect to |
| Randy Dunlap | e6123c5 | 2018-10-08 17:46:04 -0700 | [diff] [blame] | 8 | use it) has been appropriately documented in ``Documentation/admin-guide/LSM/``. |
| Kees Cook | 504f231 | 2017-05-13 04:51:43 -0700 | [diff] [blame] | 9 | This allows an LSM's code to be easily compared to its goals, and so |
| 10 | that end users and distros can make a more informed decision about which |
| 11 | LSMs suit their requirements. |
| 12 | |
| 13 | For extensive documentation on the available LSM hook interfaces, please |
| Kees Cook | 80fcc98 | 2019-02-17 14:19:01 -0800 | [diff] [blame] | 14 | see ``include/linux/lsm_hooks.h`` and associated structures: |
| 15 | |
| 16 | .. kernel-doc:: include/linux/lsm_hooks.h |
| 17 | :internal: |