[PATCH V2 3/7] object_classes_permissions.md: Deprecate lockdown class

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Add text regarding the removal of lockdown hooks from kernel 5.16.

Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
---
 src/object_classes_permissions.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/object_classes_permissions.md b/src/object_classes_permissions.md
index b092a9b..4ad8520 100644
--- a/src/object_classes_permissions.md
+++ b/src/object_classes_permissions.md
@@ -70,7 +70,7 @@
   - [Performance Event Object Class](#performance-event-object-class)
     - [*perf_event*](#perf_event)
   - [Lockdown Object Class](#lockdown-object-class)
-    - [*lockdown*](#lockdown)
+    - [*lockdown* (Deprecated)](#lockdown-deprecated)
   - [IPC Object Classes](#ipc-object-classes)
     - [*ipc* (Deprecated)](#ipc-deprecated)
     - [*sem*](#sem)
@@ -1674,15 +1674,15 @@ Control ***perf**(1)* events
 
 ## Lockdown Object Class
 
-Note: If the *lockdown* LSM is enabled alongside SELinux, then the
-lockdown access control will take precedence over the SELinux lockdown
-implementation.
+The *lockdown* class and associated SELinux LSM hook (added in kernel 5.6),
+have been removed from kernel 5.16 for the reasons discussed in
+<https://lore.kernel.org/selinux/163292547664.17566.8479687865641275719.stgit@olly/>.
 
-### *lockdown*
+### *lockdown* (Deprecated)
 
 Stop userspace extracting/modify kernel data.
 
-**Permissions** - 6 unique permissions:
+**Permissions** - 2 unique permissions:
 
 *confidentiality*
 
-- 
2.33.1




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux