diff options
author | Sunyeop Lee <sunyeop97@gmail.com> | 2017-03-24 11:08:28 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-03-24 11:08:28 +0530 |
commit | 65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d (patch) | |
tree | 14e134b89a2ee604ff290252c22ea20444ac8ceb /README.tunables | |
parent | 8d2030d659791184ecac8de9d6e1403b316a94c2 (diff) | |
download | glibc-65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d.tar glibc-65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d.tar.gz glibc-65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d.tar.bz2 glibc-65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d.zip |
Update old tunables framework document/script.
Since commit 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12, security_level replaces
is_secure. There were some old files need to be updated.
2017-03-23 Sunyeop Lee <sunyeop97@gmail.com>
* README.tunables: Updated descriptions.
* elf/dl-tunables.list: Fixed typo: SXID_NONE -> NONE.
* scripts/gen-tunables.awk: Updated the code related to the commit.
Diffstat (limited to 'README.tunables')
-rw-r--r-- | README.tunables | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/README.tunables b/README.tunables index df74f3b24b..aace2fca8f 100644 --- a/README.tunables +++ b/README.tunables @@ -58,13 +58,13 @@ The list of allowed attributes are: - env_alias: An alias environment variable -- is_secure: Specify whether the tunable should be read for setuid - binaries. True allows the tunable to be read for - setuid binaries while false disables it. Note that - even if this is set as true and the value is read, it - may not be used if it does not validate against the - acceptable values or is not considered safe by the - module. +- security_level: Specify security level of the tunable. Valid values: + + SXID_ERASE: (default) Don't read for AT_SECURE binaries and + removed so that child processes can't read it. + SXID_IGNORE: Don't read for AT_SECURE binaries, but retained for + non-AT_SECURE subprocesses. + NONE: Read all the time. 2. Call either the TUNABLE_SET_VALUE and pass into it the tunable name and a pointer to the variable that should be set with the tunable value. |