github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-05 04:56:13 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8ffc7dbce2
linux/Documentation/ABI
History
Linus Torvalds 8ffc7dbce2 selinux/stable-6.13 PR 20241112 
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmcztEsUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXN8qg//eUYYuhO4LWY3Qq5P4pNbaJ40Mx8Y
 MSjYoN345nwLnWN1T3JTFik6Se6RKQmqMTd5xtdphnaP1NP3dtxTiV3nWWdP+/Ak
 JNwGAGrjX8JOep8KNEkUbH219iuFgUvvYIfIXaEswe6AAgtK1A7VDwAkSVdeoenD
 Ll0xpwKiZppxnDrwHtyB7JwPFVxsx4ctUOz8u7HBEyGDXPbiDmAGvLNwWbcmPSb1
 EndFPdxIOsNaipl8NcQEBz5x5t/r/qVhXkSbalx5o5eAouXHfr4ArurgGV69TRDM
 3Xqr8RkS6nkA+/rvTUxe2JF4IZ7MTD61+iAFxgsj4cnVavI3oszTfCy1j45auAt9
 QoRVAIQgJv/f7DI15A/0u2ZuGwCBAPFn6lG34jHauI/LQ1f9s1w/anSLYXOzxw74
 NmC2eYedznqemDP1DUPUjpp06/Nm88eEvrfsl9lTCY3cN8wAaFWEDhAFCu2IbDQM
 bpl8/rNoVKE1v2+p3WmXnug9DRs2JF6gvjlo/HPEHxv/hfO0rbTrb6cPcMd7BUXB
 ZM1D45oj5lPaOR+by7AaFzSL0zZiyMa5f59Jib7cvIXTy9t2aXGiHps2kbnRdIgx
 3JfJIWf7TSA8HPzkU766nGvBaEWUumWbKka+SVuSv/I2A9lP2RskprfSEEvCP/5P
 ysmXzAwulqfDY30=
 =Jo+V
 -----END PGP SIGNATURE-----

Merge tag 'selinux-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Add support for netlink xperms

   Some time ago we added the concept of "xperms" to the SELinux policy
   so that we could write policy for individual ioctls, this builds upon
   this by using extending xperms to netlink so that we can write
   SELinux policy for individual netlnk message types and not rely on
   the fairly coarse read/write mapping tables we currently have.

   There are limitations involving generic netlink due to the
   multiplexing that is done, but it's no worse that what we currently
   have. As usual, more information can be found in the commit message.

 - Deprecate /sys/fs/selinux/user

   We removed the only known userspace use of this back in 2020 and now
   that several years have elapsed we're starting down the path of
   deprecating it in the kernel.

 - Cleanup the build under scripts/selinux

   A couple of patches to move the genheaders tool under
   security/selinux and correct our usage of kernel headers in the tools
   located under scripts/selinux. While these changes originated out of
   an effort to build Linux on different systems, they are arguably the
   right thing to do regardless.

 - Minor code cleanups and style fixes

   Not much to say here, two minor cleanup patches that came out of the
   netlink xperms work

* tag 'selinux-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: Deprecate /sys/fs/selinux/user
  selinux: apply clang format to security/selinux/nlmsgtab.c
  selinux: streamline selinux_nlmsg_lookup()
  selinux: Add netlink xperm support
  selinux: move genheaders to security/selinux/
  selinux: do not include <linux/*.h> headers from host programs
2024-11-18 17:30:52 -08:00
..
obsolete selinux: Deprecate /sys/fs/selinux/user 2024-10-07 16:39:49 -04:00
removed Documentation: Mark the 'efivars' sysfs interface as removed 2024-04-13 10:33:02 +02:00
stable for-6.13/block-20241118 2024-11-18 16:50:08 -08:00
testing Char/Misc and other driver changes for 6.12-rc1 2024-09-26 10:13:08 -07:00
README

README 

This directory attempts to document the ABI between the Linux kernel and
userspace, and the relative stability of these interfaces.  Due to the
everchanging nature of Linux, and the differing maturity levels, these
interfaces should be used by userspace programs in different ways.

We have four different levels of ABI stability, as shown by the four
different subdirectories in this location.  Interfaces may change levels
of stability according to the rules described below.

The different levels of stability are:

  stable/
	This directory documents the interfaces that the developer has
	defined to be stable.  Userspace programs are free to use these
	interfaces with no restrictions, and backward compatibility for
	them will be guaranteed for at least 2 years.  Most interfaces
	(like syscalls) are expected to never change and always be
	available.

  testing/
	This directory documents interfaces that are felt to be stable,
	as the main development of this interface has been completed.
	The interface can be changed to add new features, but the
	current interface will not break by doing this, unless grave
	errors or security problems are found in them.  Userspace
	programs can start to rely on these interfaces, but they must be
	aware of changes that can occur before these interfaces move to
	be marked stable.  Programs that use these interfaces are
	strongly encouraged to add their name to the description of
	these interfaces, so that the kernel developers can easily
	notify them if any changes occur (see the description of the
	layout of the files below for details on how to do this.)

  obsolete/
	This directory documents interfaces that are still remaining in
	the kernel, but are marked to be removed at some later point in
	time.  The description of the interface will document the reason
	why it is obsolete and when it can be expected to be removed.

  removed/
	This directory contains a list of the old interfaces that have
	been removed from the kernel.

Every file in these directories will contain the following information:

What:		Short description of the interface
Date:		Date created
KernelVersion:	Kernel version this feature first showed up in.
Contact:	Primary contact for this interface (may be a mailing list)
Description:	Long description of the interface and how to use it.
Users:		All users of this interface who wish to be notified when
		it changes.  This is very important for interfaces in
		the "testing" stage, so that kernel developers can work
		with userspace developers to ensure that things do not
		break in ways that are unacceptable.  It is also
		important to get feedback for these interfaces to make
		sure they are working in a proper way and do not need to
		be changed further.


Note:
   The fields should be use a simple notation, compatible with ReST markup.
   Also, the file **should not** have a top-level index, like::

	===
	foo
	===

How things move between levels:

Interfaces in stable may move to obsolete, as long as the proper
notification is given.

Interfaces may be removed from obsolete and the kernel as long as the
documented amount of time has gone by.

Interfaces in the testing state can move to the stable state when the
developers feel they are finished.  They cannot be removed from the
kernel tree without going through the obsolete state first.

It's up to the developer to place their interfaces in the category they
wish for it to start out in.


Notable bits of non-ABI, which should not under any circumstances be considered
stable:

- Kconfig.  Userspace should not rely on the presence or absence of any
  particular Kconfig symbol, in /proc/config.gz, in the copy of .config
  commonly installed to /boot, or in any invocation of the kernel build
  process.

- Kernel-internal symbols.  Do not rely on the presence, absence, location, or
  type of any kernel symbol, either in System.map files or the kernel binary
  itself.  See Documentation/process/stable-api-nonsense.rst.