Lines Matching +full:secure +full:- +full:only

1 .. SPDX-License-Identifier: GPL-2.0
12 `samples/check-exec/inc.c`_ example.
36 Passing the ``AT_EXECVE_CHECK`` flag to :manpage:`execveat(2)` only performs a
41 Programs should always perform this check to apply kernel-level checks against
45 should only be enforced according to ``SECBIT_EXEC_RESTRICT_FILE`` or
54 In a secure environment, libraries and any executable dependencies should also
57 For such secure execution environment to make sense, only trusted code should
60 To avoid race conditions leading to time-of-check to time-of-use issues,
67 When ``SECBIT_EXEC_RESTRICT_FILE`` is set, a process should only interpret or
71 This secure bit may be set by user session managers, service managers,
75 Programs should only enforce consistent restrictions according to the
76 securebits but without relying on any other user-controlled configuration.
77 Indeed, the use case for these securebits is to only trust executable code
85 executions, but only from vetted executable programs, which is OK.  For this to
98 This secure bit may be set by user session managers, service managers,
114    migration to a secure mode.
123    /tmp/*.sh``).  This makes sense for (semi-restricted) user sessions.
129    This use case may be useful for secure services (i.e. without interactive
131    dm-verity/IPE) but where access rights might not be ready yet.  Indeed,
140    This makes sense for system services that may only execute trusted scripts.
143 .. _samples/check-exec/inc.c:
144    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/samples/check-exec/inc.c