[PATCH] Docs/security: update cmdline keyword usage

Randy Dunlap rdunlap at infradead.org
Tue Jan 14 22:51:56 UTC 2025 

Use "lsm=name,..." instead "security=name,..." since the latter is
deprecated.

Fixes: 89a9684ea158 ("LSM: Ignore "security=" when "lsm=" is specified")
Signed-off-by: Randy Dunlap <rdunlap at infradead.org>
Cc: Kees Cook <kees at kernel.org>
Cc: Paul Moore <paul at paul-moore.com>
Cc: James Morris <jmorris at namei.org>
Cc: "Serge E. Hallyn" <sergeh at kernel.org>
Cc: linux-security-module at vger.kernel.org
Cc: Kentaro Takeda <takedakn at nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
Cc: John Johansen <john.johansen at canonical.com>
Cc: John Johansen <john at apparmor.net>
Cc: Jonathan Corbet <corbet at lwn.net>
---
 Documentation/admin-guide/LSM/apparmor.rst |    4 ++--
 Documentation/admin-guide/LSM/index.rst    |    2 +-
 Documentation/admin-guide/LSM/tomoyo.rst   |    2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

--- linux-next-20250113.orig/Documentation/admin-guide/LSM/apparmor.rst
+++ linux-next-20250113/Documentation/admin-guide/LSM/apparmor.rst
@@ -27,10 +27,10 @@ in the list.
 Build the kernel
 
 If AppArmor is not the default security module it can be enabled by passing
-``security=apparmor`` on the kernel's command line.
+``lsm=apparmor`` on the kernel's command line.
 
 If AppArmor is the default security module it can be disabled by passing
-``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
+``apparmor=0, lsm=XXXX`` (where ``XXXX`` is valid security module), on the
 kernel's command line.
 
 For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
--- linux-next-20250113.orig/Documentation/admin-guide/LSM/index.rst
+++ linux-next-20250113/Documentation/admin-guide/LSM/index.rst
@@ -7,7 +7,7 @@ various security checks to be hooked by
 "module" is a bit of a misnomer since these extensions are not actually
 loadable kernel modules. Instead, they are selectable at build-time via
 CONFIG_DEFAULT_SECURITY and can be overridden at boot-time via the
-``"security=..."`` kernel command line argument, in the case where multiple
+``"lsm=..."`` kernel command line argument, in the case where multiple
 LSMs were built into a given kernel.
 
 The primary users of the LSM interface are Mandatory Access Control
--- linux-next-20250113.orig/Documentation/admin-guide/LSM/tomoyo.rst
+++ linux-next-20250113/Documentation/admin-guide/LSM/tomoyo.rst
@@ -18,7 +18,7 @@ to know what TOMOYO is.
 How to enable TOMOYO?
 =====================
 
-Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
+Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``lsm=tomoyo`` on
 kernel's command line.
 
 Please see https://tomoyo.sourceforge.net/2.6/ for details.

More information about the Linux-security-module-archive mailing list