[RFC PATCH v2 11/12] documentation: Add IPE Documentation

Deven Bowers deven.desai at linux.microsoft.com
Tue Apr 14 21:18:45 UTC 2020


On 4/14/2020 8:38 AM, Jonathan Corbet wrote:
> On Mon,  6 Apr 2020 15:14:38 -0700
> deven.desai at linux.microsoft.com wrote:
>
>> From: Deven Bowers <deven.desai at linux.microsoft.com>
>>
>> Add IPE's documentation to the kernel tree.
>>
>> Signed-off-by: Deven Bowers <deven.desai at linux.microsoft.com>
> Thanks for including this nice documentation from the outset!  I have a
> couple of tiny nits to pick, but nothing really substantive to complain
> about, so:
>
>    Acked-by: Jonathan Corbet <corbet at lwn.net>

Thanks!

> [...]
>
>> +IPE is a Linux Security Module, which allows for a configurable policy
> I'd drop the comma (I told you these were nits!)

Got it, thanks!

>
> [...]
>
>> +IPE Policy
>> +~~~~~~~~~~
>> +
>> +IPE policy is designed to be both forward compatible and backwards
>> +compatible. There is one required line, at the top of the policy,
>> +indicating the policy name, and the policy version, for instance:
>> +
>> +::
>> +
>> +   policy_name="Ex Policy" policy_version=0.0.0
> This pattern can be compressed a bit by just putting the "::" at the end of
> the last line of text:
>
> 	indicating the policy name, and the policy version, for instance::
>
> 	   policy_name="Ex Policy" policy_version=0.0.0
>
> The result is a bit more readable in the plain-text format, IMO, and
> renders exactly the same in Sphinx.

Awesome. I'll address this feedback in v3.



More information about the Linux-security-module-archive mailing list