author | James Morris <james.l.morris@oracle.com> | 2015-06-18 23:28:40 +1000 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2015-06-18 23:28:40 +1000 |
commit | b3bddffd35a0b77eee89760eb94cafa18dc431f5 (patch) | |
tree | 58c0f6c79c121dfbe91f2058210c79d7ee25acc2 /Documentation | |
parent | 49afd7289bd937401c5f7faa193054bc3c41dad6 (diff) | |
parent | 24fd03c87695a76f0517df42a37e51b1597d2c8a (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/ABI/testing/ima_policy | 6 | ||||
-rw-r--r-- | Documentation/kernel-parameters.txt | 10 |
2 files changed, 13 insertions, 3 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 8ae3f57090d4..0a378a88217a 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -20,17 +20,19 @@ Description: action: measure | dont_measure | appraise | dont_appraise | audit condition:= base | lsm [option] base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=] - [fowner]] + [euid=] [fowner=]] lsm: [[subj_user=] [subj_role=] [subj_type=] [obj_user=] [obj_role=] [obj_type=]] option: [[appraise_type=]] [permit_directio] base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] - mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC] + mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] + [[^]MAY_EXEC] fsmagic:= hex value fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6) uid:= decimal value + euid:= decimal value fowner:=decimal value lsm: are LSM specific option: appraise_type:= [imasig] diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index abc496f95220..807b765087d4 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -1398,7 +1398,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted. The list of supported hash algorithms is defined in crypto/hash_info.h. - ima_tcb [IMA] + ima_policy= [IMA] + The builtin measurement policy to load during IMA + setup. Specyfing "tcb" as the value, measures all + programs exec'd, files mmap'd for exec, and all files + opened with the read mode bit set by either the + effective uid (euid=0) or uid=0. + Format: "tcb" + + ima_tcb [IMA] Deprecated. Use ima_policy= instead. Load a policy which meets the needs of the Trusted Computing Base. This means IMA will measure all programs exec'd, files mmap'd for exec, and all files |
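Review bot: In the Documentation/ABI/testing/ima_policy hunk, the grammar gains an optional "^" prefix on every mask value ("mask:= [[^]MAY_READ] [[^]MAY_WRITE] ...") and a new "euid=" condition, but nothing in the visible description says what either one changes about rule matching. A policy author reading this file cannot tell how "mask=^MAY_READ" differs from "mask=MAY_READ", or when "euid=" matches where "uid=" does not. Suggest adding a short sentence for each under the "base:" value list, next to "euid:= decimal value". Minor style point in the same block: "fowner:=decimal value" lacks the space that the neighbouring "uid:= decimal value" and "euid:= decimal value" lines have.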
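Review bot: In the Documentation/kernel-parameters.txt hunk, the new "ima_policy=" entry has a typo and a stray comma in 'Specyfing "tcb" as the value, measures all'; it should read 'Specifying "tcb" as the value measures all'. The entry also describes the read-open rule as applying to "either the effective uid (euid=0) or uid=0", so the "ima_tcb" text kept below the "Deprecated. Use ima_policy= instead." line should be checked to confirm it describes the same policy. If the two options load the same rules, saying so explicitly (for example, that ima_tcb is equivalent to ima_policy=tcb) would save readers from comparing the two descriptions.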