author: Alejandro Colomar <alx@kernel.org> 2023-02-05 23:14:38 +0100
committer: Alejandro Colomar <alx@kernel.org> 2023-02-05 23:14:42 +0100
commit: cdede5cdd1b0ba75135d3b32d96354026e96f866
tree: f21d7604d25b2de607ef5471e5e180094231e046 /man7/kernel_lockdown.7
parent: f29fc8dcf0da15a596a7cdc7e5a0b2932100b522
Many pages: Use \[bu] instead of \(bu
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Diffstat (limited to 'man7/kernel_lockdown.7')
-rw-r--r-- man7/kernel_lockdown.7 32
1 files changed, 16 insertions, 16 deletions
diff --git a/man7/kernel_lockdown.7 b/man7/kernel_lockdown.7
index 7976a29c14..8bcd603b96 100644
--- a/man7/kernel_lockdown.7
+++ b/man7/kernel_lockdown.7
@@ -50,44 +50,44 @@ kprobes
.PP
and the ability to directly configure and control devices, so as to prevent
the use of a device to access or modify a kernel image:
-.IP \(bu 3
+.IP \[bu] 3
The use of module parameters that directly specify hardware parameters to
drivers through the kernel command line or when loading a module.
-.IP \(bu
+.IP \[bu]
The use of direct PCI BAR access.
-.IP \(bu
+.IP \[bu]
The use of the ioperm and iopl instructions on x86.
-.IP \(bu
+.IP \[bu]
The use of the KD*IO console ioctls.
-.IP \(bu
+.IP \[bu]
The use of the TIOCSSERIAL serial ioctl.
-.IP \(bu
+.IP \[bu]
The alteration of MSR registers on x86.
-.IP \(bu
+.IP \[bu]
The replacement of the PCMCIA CIS.
-.IP \(bu
+.IP \[bu]
The overriding of ACPI tables.
-.IP \(bu
+.IP \[bu]
The use of ACPI error injection.
-.IP \(bu
+.IP \[bu]
The specification of the ACPI RDSP address.
-.IP \(bu
+.IP \[bu]
The use of ACPI custom methods.
.PP
Certain facilities are restricted:
-.IP \(bu 3
+.IP \[bu] 3
Only validly signed modules may be loaded (waived if the module file being
loaded is vouched for by IMA appraisal).
-.IP \(bu
+.IP \[bu]
Only validly signed binaries may be kexec'd (waived if the binary image file
to be executed is vouched for by IMA appraisal).
-.IP \(bu
+.IP \[bu]
Unencrypted hibernation/suspend to swap are disallowed as the kernel image is
saved to a medium that can then be accessed.
-.IP \(bu
+.IP \[bu]
Use of debugfs is not permitted as this allows a whole range of actions
including direct configuration of, access to and driving of hardware.
-.IP \(bu
+.IP \[bu]
IMA requires the addition of the "secure_boot" rules to the policy,
whether or not they are specified on the command line,
for both the built-in and custom policies in secure boot lockdown mode.
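Review bot: The unchanged context line "The specification of the ACPI RDSP address." in the first list appears to misspell RSDP (Root System Description Pointer), and since this patch already touches every neighbouring line it is a good moment to queue a follow-up fix. In the same list, "the ioperm and iopl instructions on x86" describes what are system calls, ioperm(2) and iopl(2), so "system calls" would be more accurate there. On the change itself, the swap from \(bu to \[bu] is applied consistently across all 16 items and the indent argument 3 is kept on the first item of each list, but the commit message gives no reason for preferring the \[bu] form; a one-sentence body stating the motivation would help anyone later reading the history of this page.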