[PATCH] Docs/security: update cmdline keyword usage

Randy Dunlap <rdunlap@xxxxxxxxxxxxx> · Tue, 14 Jan 2025 14:51:56 -0800

Use "lsm=name,..." instead "security=name,..." since the latter is
deprecated.

Fixes: 89a9684ea158 ("LSM: Ignore "security=" when "lsm=" is specified")
Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Cc: Kees Cook <kees@xxxxxxxxxx>
Cc: Paul Moore <paul@xxxxxxxxxxxxxx>
Cc: James Morris <jmorris@xxxxxxxxx>
Cc: "Serge E. Hallyn" <sergeh@xxxxxxxxxx>
Cc: linux-security-module@xxxxxxxxxxxxxxx
Cc: Kentaro Takeda <takedakn@xxxxxxxxxxxxx>
Cc: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Cc: John Johansen <john.johansen@xxxxxxxxxxxxx>
Cc: John Johansen <john@xxxxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
---
 Documentation/admin-guide/LSM/apparmor.rst |    4 ++--
 Documentation/admin-guide/LSM/index.rst    |    2 +-
 Documentation/admin-guide/LSM/tomoyo.rst   |    2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

--- linux-next-20250113.orig/Documentation/admin-guide/LSM/apparmor.rst
+++ linux-next-20250113/Documentation/admin-guide/LSM/apparmor.rst
@@ -27,10 +27,10 @@ in the list.
 Build the kernel
 
 If AppArmor is not the default security module it can be enabled by passing
-``security=apparmor`` on the kernel's command line.
+``lsm=apparmor`` on the kernel's command line.
 
 If AppArmor is the default security module it can be disabled by passing
-``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
+``apparmor=0, lsm=XXXX`` (where ``XXXX`` is valid security module), on the
 kernel's command line.
 
 For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
--- linux-next-20250113.orig/Documentation/admin-guide/LSM/index.rst
+++ linux-next-20250113/Documentation/admin-guide/LSM/index.rst
@@ -7,7 +7,7 @@ various security checks to be hooked by
 "module" is a bit of a misnomer since these extensions are not actually
 loadable kernel modules. Instead, they are selectable at build-time via
 CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
-``"security=..."`` kernel command line argument, in the case where multiple
+``"lsm=..."`` kernel command line argument, in the case where multiple
 LSMs were built into a given kernel.
 
 The primary users of the LSM interface are Mandatory Access Control
--- linux-next-20250113.orig/Documentation/admin-guide/LSM/tomoyo.rst
+++ linux-next-20250113/Documentation/admin-guide/LSM/tomoyo.rst
@@ -18,7 +18,7 @@ to know what TOMOYO is.
 How to enable TOMOYO?
 =====================
 
-Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
+Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``lsm=tomoyo`` on
 kernel's command line.
 
 Please see https://tomoyo.sourceforge.net/2.6/ for details.







