OpenCloudOS-Kernel/security/integrity
Mimi Zohar 24fd03c876 ima: update builtin policies
This patch defines a builtin measurement policy "tcb", similar to the
existing "ima_tcb", but with additional rules to also measure files
based on the effective uid and to measure files opened with the "read"
mode bit set (eg. read, read-write).

Changing the builtin "ima_tcb" policy could potentially break existing
users.  Instead of defining a new separate boot command line option each
time the builtin measurement policy is modified, this patch defines a
single generic boot command line option "ima_policy=" to specify the
builtin policy and deprecates the use of the builtin ima_tcb policy.

[The "ima_policy=" boot command line option is based on Roberto Sassu's
"ima: added new policy type exec" patch.]

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dr. Greg Wettstein <gw@idfusion.org>
Cc: stable@vger.kernel.org
2015-06-16 08:18:45 -04:00
..
evm evm: fix potential race when removing xattrs 2015-05-21 13:28:47 -04:00
ima ima: update builtin policies 2015-06-16 08:18:45 -04:00
Kconfig kconfig: use bool instead of boolean for type definition attributes 2015-01-07 13:08:04 +01:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00
digsig.c integrity: add validity checks for 'path' parameter 2015-05-21 13:59:28 -04:00
digsig_asymmetric.c integrity: do zero padding of the key id 2014-10-06 17:33:27 +01:00
iint.c integrity: add validity checks for 'path' parameter 2015-05-21 13:59:28 -04:00
integrity.h integrity: add validity checks for 'path' parameter 2015-05-21 13:59:28 -04:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00