* [PATCH] docs: security: ipe: fix typos and grammar
@ 2026-03-08 3:16 Evan Ducas
2026-03-08 6:17 ` Randy Dunlap
2026-03-08 7:48 ` Bagas Sanjaya
0 siblings, 2 replies; 3+ messages in thread
From: Evan Ducas @ 2026-03-08 3:16 UTC (permalink / raw)
To: wufan, corbet, skhan
Cc: linux-security-module, linux-doc, linux-kernel, Evan Ducas
Fix several spelling and grammar mistakes in the IPE
documentation.
No functional change.
Signed-off-by: Evan Ducas <evan.j.ducas@gmail.com>
---
Documentation/security/ipe.rst | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index 4a7d953abcdc..d29824d7fd2d 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -18,7 +18,7 @@ strong integrity guarantees over both the executable code, and specific
*data files* on the system, that were critical to its function. These
specific data files would not be readable unless they passed integrity
policy. A mandatory access control system would be present, and
-as a result, xattrs would have to be protected. This lead to a selection
+as a result, xattrs would have to be protected. This led to a selection
of what would provide the integrity claims. At the time, there were two
main mechanisms considered that could guarantee integrity for the system
with these requirements:
@@ -195,7 +195,7 @@ of the policy to apply the minute usermode starts. Generally, that storage
can be handled in one of three ways:
1. The policy file(s) live on disk and the kernel loads the policy prior
- to an code path that would result in an enforcement decision.
+ to a code path that would result in an enforcement decision.
2. The policy file(s) are passed by the bootloader to the kernel, who
parses the policy.
3. There is a policy file that is compiled into the kernel that is
@@ -235,7 +235,7 @@ Updatable, Rebootless Policy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As requirements change over time (vulnerabilities are found in previously
-trusted applications, keys roll, etcetera). Updating a kernel to change the
+trusted applications, keys roll, etcetera). Updating a kernel to change to
meet those security goals is not always a suitable option, as updates are not
always risk-free, and blocking a security update leaves systems vulnerable.
This means IPE requires a policy that can be completely updated (allowing
@@ -370,7 +370,7 @@ Simplified Policy:
Finally, IPE's policy is designed for sysadmins, not kernel developers. Instead
of covering individual LSM hooks (or syscalls), IPE covers operations. This means
instead of sysadmins needing to know that the syscalls ``mmap``, ``mprotect``,
-``execve``, and ``uselib`` must have rules protecting them, they must simple know
+``execve``, and ``uselib`` must have rules protecting them, they must simply know
that they want to restrict code execution. This limits the amount of bypasses that
could occur due to a lack of knowledge of the underlying system; whereas the
maintainers of IPE, being kernel developers can make the correct choice to determine
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] docs: security: ipe: fix typos and grammar
2026-03-08 3:16 [PATCH] docs: security: ipe: fix typos and grammar Evan Ducas
@ 2026-03-08 6:17 ` Randy Dunlap
2026-03-08 7:48 ` Bagas Sanjaya
1 sibling, 0 replies; 3+ messages in thread
From: Randy Dunlap @ 2026-03-08 6:17 UTC (permalink / raw)
To: Evan Ducas, wufan, corbet, skhan
Cc: linux-security-module, linux-doc, linux-kernel
Hi,
On 3/7/26 7:16 PM, Evan Ducas wrote:
> @@ -235,7 +235,7 @@ Updatable, Rebootless Policy
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> As requirements change over time (vulnerabilities are found in previously
> -trusted applications, keys roll, etcetera). Updating a kernel to change the
> +trusted applications, keys roll, etcetera). Updating a kernel to change to
What is the first sentence in the paragraph above?
Maybe s/. U/, u/ ?
> meet those security goals is not always a suitable option, as updates are not
> always risk-free, and blocking a security update leaves systems vulnerable.
> This means IPE requires a policy that can be completely updated (allowing
--
~Randy
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] docs: security: ipe: fix typos and grammar
2026-03-08 3:16 [PATCH] docs: security: ipe: fix typos and grammar Evan Ducas
2026-03-08 6:17 ` Randy Dunlap
@ 2026-03-08 7:48 ` Bagas Sanjaya
1 sibling, 0 replies; 3+ messages in thread
From: Bagas Sanjaya @ 2026-03-08 7:48 UTC (permalink / raw)
To: Evan Ducas, wufan, corbet, skhan
Cc: linux-security-module, linux-doc, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 721 bytes --]
On Sat, Mar 07, 2026 at 10:16:33PM -0500, Evan Ducas wrote:
> As requirements change over time (vulnerabilities are found in previously
> -trusted applications, keys roll, etcetera). Updating a kernel to change the
> +trusted applications, keys roll, etcetera). Updating a kernel to change to
> meet those security goals is not always a suitable option, as updates are not
> always risk-free, and blocking a security update leaves systems vulnerable.
> This means IPE requires a policy that can be completely updated (allowing
As requirements change over time ..., updating a kernel to meet ..., yet
blocking a security update ... .
Thanks.
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-08 7:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-08 3:16 [PATCH] docs: security: ipe: fix typos and grammar Evan Ducas
2026-03-08 6:17 ` Randy Dunlap
2026-03-08 7:48 ` Bagas Sanjaya
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox