OpenCloudOS-Kernel/Documentation
Mimi Zohar 24fd03c876 ima: update builtin policies
This patch defines a builtin measurement policy "tcb", similar to the
existing "ima_tcb", but with additional rules to also measure files
based on the effective uid and to measure files opened with the "read"
mode bit set (eg. read, read-write).

Changing the builtin "ima_tcb" policy could potentially break existing
users.  Instead of defining a new separate boot command line option each
time the builtin measurement policy is modified, this patch defines a
single generic boot command line option "ima_policy=" to specify the
builtin policy and deprecates the use of the builtin ima_tcb policy.

[The "ima_policy=" boot command line option is based on Roberto Sassu's
"ima: added new policy type exec" patch.]

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dr. Greg Wettstein <gw@idfusion.org>
Cc: stable@vger.kernel.org
2015-06-16 08:18:45 -04:00
..
ABI ima: extend "mask" policy matching support 2015-06-16 08:18:44 -04:00
DocBook Merge branch 'drm-next-merged' of git://people.freedesktop.org/~airlied/linux into v4l_for_linus 2015-04-21 09:44:55 -03:00
EDID drm: Add 800x600 (SVGA) screen resolution to the built-in EDIDs 2014-05-26 12:53:40 +10:00
PCI The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
RCU Merge branches 'doc.2015.01.07a', 'fixes.2015.01.15a', 'preempt.2015.01.06a', 'srcu.2015.01.06a', 'stall.2015.01.16a' and 'torture.2015.01.11a' into HEAD 2015-01-15 23:34:34 -08:00
accounting Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
acpi Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
aoe
arm ARM: SoC multiplatform code changes for v4.1 2015-04-22 09:20:15 -07:00
arm64 ARM64 / ACPI: additions of ACPI documentation for arm64 2015-03-26 15:13:09 +00:00
auxdisplay Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
backlight
blackfin Documentation: blackfin: Makefile: Typo building issue 2015-04-11 15:19:31 +02:00
block Documentation: Remove mentioning of block barriers 2015-03-20 07:41:56 -06:00
blockdev Merge branch 'for-4.1/drivers' of git://git.kernel.dk/linux-block 2015-04-16 22:05:27 -04:00
bus-devices
cdrom
cgroups The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
cma cma: debug: document new debugfs interface 2015-04-14 16:49:00 -07:00
connector w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
console
cpu-freq intel_pstate: Add num_pstates to sysfs 2015-01-30 01:52:17 +01:00
cpuidle
cris
crypto crypto: doc - AEAD / RNG AF_ALG interface 2015-03-09 21:06:18 +11:00
development-process Documentation: remove outdated references to the linux-next wiki 2014-10-28 09:06:11 -04:00
device-mapper dm crypt: update URLs to new cryptsetup project page 2015-04-15 12:10:24 -04:00
devicetree CRIS changes for 4.1 2015-04-26 13:31:05 -07:00
dmaengine Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2015-02-18 08:49:20 -08:00
driver-model Char/Misc driver patches for 4.1-rc1 2015-04-21 09:42:58 -07:00
dvb [media] get_dvb_firmware: Update firmware of ITEtech IT9135 2014-09-21 17:03:04 -03:00
early-userspace
extcon
fault-injection
fb
filesystems xfs: update for 4.1-rc1 2015-04-24 07:08:41 -07:00
firmware_class doc: fix minor typos in firmware_class README 2014-07-17 18:43:40 -07:00
fmc
frv
gpio The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
hid HID: sensor: Update document for custom sensor 2015-04-10 22:22:56 +02:00
hwmon hwmon: (it87) Add support for IT8620E 2015-04-05 06:01:00 -07:00
i2c i2c: slave: add documentation for i2c-slave-eeprom 2015-03-27 16:53:39 +01:00
ia64 virtual: Documentation: simplify and generalize paravirt_ops.txt 2015-02-13 17:15:44 +10:30
ide
infiniband IB/mad: add new ioctl to ABI to support new registration options 2014-08-10 20:36:00 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-04-21 12:54:08 -07:00
ioctl platform/chrome: Add Chrome OS EC userspace device interface 2015-02-26 15:45:06 -08:00
isdn
ja_JP
kbuild Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2015-02-19 10:31:37 -08:00
kdump kernel: add panic_on_warn 2014-12-10 17:41:10 -08:00
ko_KR
laptops thinkpad_acpi: Add adaptive_kbd_mode sysfs attr 2015-03-03 09:00:08 -08:00
leds Documentation: leds: Add description of LED Flash class extension 2015-03-09 17:18:00 -07:00
locking Documentation changes for 3.20 2015-02-11 13:03:11 -08:00
m68k
memory-devices
metag
mic Documentation: Build mic/mpssd only for x86_64 2014-12-05 11:18:36 -05:00
mips Documentation: au1xxx-ide.c has moved 2014-08-26 09:35:53 +02:00
misc-devices Documentation/misc-devices/mei: Fix indentation of embedded code. 2015-01-29 12:56:20 -07:00
mmc
mn10300
mtd MTD updates for 3.16: 2014-06-11 08:35:34 -07:00
namespaces
netlabel
networking Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-14 15:44:14 -04:00
nfc
nios2 Documentation: Add documentation for Nios2 architecture 2014-12-08 12:56:06 +08:00
parisc
pcmcia Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
phy
platform Documentation: Add list of laptop models supported by the Compal driver 2014-06-10 19:11:06 -04:00
power Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
powerpc Merge branch 'next-sriov' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc into next 2015-04-14 09:29:23 +10:00
pps
prctl Documentation: Restrict TSC test code to x86 2014-10-28 08:46:27 -04:00
pti
ptp ptp: restore the makefile for building the test program. 2014-10-24 16:07:10 -04:00
rapidio rapidio/tsi721_dma: rework scatter-gather list handling 2014-08-08 15:57:24 -07:00
s390 s390/docs: Remove section about script debugging from Debugging390.txt 2015-01-15 11:11:14 +01:00
scheduler docs/completion.txt: Various tweaks and corrections 2015-04-04 15:20:26 +02:00
scsi genirq: Remove the deprecated 'IRQF_DISABLED' request_irq() flag entirely 2015-03-05 20:53:06 +01:00
security Smack: allow multiple labels in onlycap 2015-06-02 11:53:42 -07:00
serial serial: Fix locking for uart driver set_termios() method 2014-11-05 18:53:54 -08:00
sh
sound ASoC: Updates for v4.1 2015-04-13 14:14:29 +02:00
spi Documentation/spi/spidev_test.c: fix warning 2015-04-17 09:04:12 -04:00
sysctl Doc/sysctl/kernel.txt: document threads-max 2015-04-17 09:04:07 -04:00
target target: Version 2 of TCMU ABI 2015-04-19 22:40:26 -07:00
thermal Documentation: thermal: document of_cpufreq_cooling_register() 2015-01-06 14:39:17 -04:00
timers documentation: Update NO_HZ_FULL interaction with POSIX timers 2015-02-26 11:57:29 -08:00
tpm
trace coresight: Correcting documentation typographical error 2015-04-03 16:17:03 +02:00
usb usb: patches for v4.1 merge window 2015-03-24 22:57:49 +01:00
vDSO vdso: don't require 64-bit math in standalone test 2014-10-25 10:53:44 -04:00
video4linux [media] media/Documentation: New flag EXECUTE_ON_WRITE 2015-04-08 06:35:16 -03:00
virtual KVM: PPC: Book3S HV: Add fast real-mode H_RANDOM implementation. 2015-04-21 15:21:29 +02:00
vm The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
w1 w1: new w1_ds2406 driver 2014-06-19 17:45:14 -07:00
watchdog Documentation: use subdir-y to avoid unnecessary built-in.o files 2014-09-26 11:02:55 +02:00
wimax
x86 x86/mm/KASLR: Propagate KASLR status to kernel proper 2015-04-03 15:26:15 +02:00
xtensa
zh_CN Documentation:Update Documentation/zh_CN/arm64/memory.txt 2015-04-04 15:20:26 +02:00
00-INDEX Update of Documentation/dmaengine/00-INDEX 2014-12-29 15:28:24 -07:00
BUG-HUNTING
Changes Documentation: GNU is frequently spelled Gnu 2014-12-29 15:33:17 -07:00
CodeOfConflict Code of Conflict 2015-02-27 11:44:24 -08:00
CodingStyle The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
DMA-API-HOWTO.txt Documentation: correct parameter error for dma_mapping_error 2014-09-26 11:22:29 +02:00
DMA-API.txt DMA-API: Capitalize "CPU" consistently 2014-05-26 17:28:27 -06:00
DMA-ISA-LPC.txt
DMA-attributes.txt
HOWTO Documentation: remove outdated references to the linux-next wiki 2014-10-28 09:06:11 -04:00
IPMI.txt ipmi: Add SMBus interface driver (SSIF) 2014-12-11 15:04:11 -06:00
IRQ-affinity.txt
IRQ-domain.txt IRQCHIP: Update docs regarding irq_domain_add_tree() 2015-04-01 17:21:35 +02:00
IRQ.txt
Intel-IOMMU.txt
Makefile Documentation: Remove ZBOOT MMC/SDHI utility and docs 2015-02-24 06:45:25 +09:00
ManagementStyle
SAK.txt
SM501.txt
SecurityBugs
SubmitChecklist
SubmittingDrivers doc: SubmittingPatches: remove dead link, kerneltrap.org no longer works 2014-06-19 15:15:27 +02:00
SubmittingPatches checkpatch, SubmittingPatches: suggest line wrapping commit messages at 75 columns 2015-04-17 09:03:57 -04:00
VGA-softcursor.txt
applying-patches.txt Documentation: change "&" to "and" in Documentation/applying-patches.txt 2014-09-26 11:10:11 +02:00
assoc_array.txt
atomic_ops.txt documentation: Clarify memory-barrier semantics of atomic operations 2015-02-26 11:57:31 -08:00
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt binfmt_misc: touch up documentation a bit 2014-10-14 02:18:16 +02:00
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt rmap: drop support of non-linear mappings 2015-02-10 14:30:31 -08:00
circular-buffers.txt
clk.txt clk: Add rate constraints to clocks 2015-02-02 14:23:42 -08:00
coccinelle.txt
cpu-hotplug.txt cpumask: fix cpu-hotplug documentation 2015-03-05 13:37:01 +10:30
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
dell_rbu.txt
devices.txt
digsig.txt
dma-buf-sharing.txt dma-buf: cleanup dma_buf_export() to make it easily extensible 2015-04-21 14:47:16 +05:30
dontdiff
dynamic-debug-howto.txt
edac.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
efi-stub.txt
eisa.txt
email-clients.txt Documentation/email-clients.txt: Fix one grammar mistake, add extra info about TB 2015-03-20 07:41:55 -06:00
flexible-arrays.txt
futex-requeue-pi.txt doc: Fix misnamed FUTEX_CMP_REQUEUE_PI op constants 2015-01-19 12:05:32 +01:00
gcov.txt
gdb-kernel-debugging.txt scripts/gdb: add basic documentation 2015-02-17 14:34:54 -08:00
highuid.txt
hsi.txt
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
irqflags-tracing.txt
isapnp.txt
java.txt Documentation: update java sample wrapper for java 7 2014-05-25 12:39:00 -07:00
kasan.txt kasan: enable instrumentation of global variables 2015-02-13 21:21:42 -08:00
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt ima: update builtin policies 2015-06-16 08:18:45 -04:00
kernel-per-CPU-kthreads.txt documentation: Update per-CPU kthreads documentation 2015-02-26 11:57:30 -08:00
kmemcheck.txt Documentation: update the CONFIG_DEBUG_PAGEALLOC description 2015-03-20 07:41:55 -06:00
kmemleak.txt Documentation: Add CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF case 2014-10-24 13:59:03 -04:00
kobject.txt kobject: grammar fix 2014-12-08 09:07:11 -05:00
kprobes.txt kprobes: Update Documentation/kprobes.txt 2015-03-20 07:41:55 -06:00
kref.txt
kselftest.txt kselftest: Move the docs to the Documentation dir 2014-11-24 10:49:54 -07:00
ldm.txt
local_ops.txt percpu: update local_ops.txt to reflect this_cpu operations 2014-12-13 12:42:53 -08:00
lockup-watchdogs.txt lockup-watchdogs: Fix a typo 2014-08-26 09:35:52 +02:00
logo.gif
logo.txt
lzo.txt Documentation: lzo: document part of the encoding 2014-09-28 11:08:00 +02:00
magic-number.txt
mailbox.txt Documentation: Fix a typo in mailbox.txt 2014-11-03 11:54:50 -05:00
md-cluster.txt md-cluster: Design Documentation 2015-02-23 07:16:46 -06:00
md.txt
media-framework.txt
memory-barriers.txt The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
memory-hotplug.txt mem-hotplug: fix typo in Documentation/memory-hotplug.txt 2015-03-20 07:41:55 -06:00
module-signing.txt
mono.txt
nommu-mmap.txt fs: introduce f_op->mmap_capabilities for nommu mmap support 2015-01-20 14:02:58 -07:00
numastat.txt
oops-tracing.txt livepatch: kernel: add TAINT_LIVEPATCH 2014-12-22 15:40:48 +01:00
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt phy: improved lookup method 2014-11-21 19:48:50 +05:30
pi-futex.txt
pinctrl.txt pinctrl: fix example .get_group_pins implementation signature 2015-03-18 02:02:20 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt The documentation tree update for 4.1. Numerous fixes, the overdue removal 2015-04-18 11:10:49 -04:00
pwm.txt
ramoops.txt pstore-ram: Allow optional mapping with pgprot_noncached 2014-12-11 13:38:31 -08:00
rbtree.txt
remoteproc.txt
rfkill.txt rfkill: document rfkill module parameters 2015-01-09 23:22:12 +01:00
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rtc.txt Documentation, split up rtc.txt into documentation and test file 2015-03-24 22:01:58 -06:00
serial-console.txt
sgi-ioc4.txt
smsc_ece1099.txt
sparse.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules: Add clause about specification of kernel versions to patch. 2015-03-26 23:52:24 +01:00
static-keys.txt
svga.txt
sysfs-rules.txt Documentation/sysfs-rules.txt: Add device attribute error code documentation 2014-09-19 14:44:51 -07:00
sysrq.txt
this_cpu_ops.txt Docs: this_cpu_ops: remove redundant add forms 2014-09-26 11:03:00 +02:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt drivers/vfio: EEH support for VFIO PCI device 2014-08-05 15:28:48 +10:00
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt
xillybus.txt xillybus: Move out of staging 2014-09-23 23:44:16 -07:00
xz.txt
zorro.txt