Searched hist:"2 faa6ef3b21152cc05b69a84113625dcee63176f" (Results 1 – 2 of 2) sorted by relevance
| /openbmc/linux/security/integrity/ima/ |
| H A D | ima_appraise.c | diff 2faa6ef3b21152cc05b69a84113625dcee63176f Thu May 08 05:11:29 CDT 2014 Dmitry Kasatkin <d.kasatkin@samsung.com> ima: provide 'ima_appraise=log' kernel option
The kernel boot parameter "ima_appraise" currently defines 'off',
'enforce' and 'fix' modes. When designing a policy and labeling
the system, access to files are either blocked in the default
'enforce' mode or automatically fixed in the 'fix' mode. It is
beneficial to be able to run the system in a logging only mode,
without fixing it, in order to properly analyze the system. This
patch adds a 'log' mode to run the system in a permissive mode and
log the appraisal results.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
|
| H A D | ima.h | diff 2faa6ef3b21152cc05b69a84113625dcee63176f Thu May 08 05:11:29 CDT 2014 Dmitry Kasatkin <d.kasatkin@samsung.com> ima: provide 'ima_appraise=log' kernel option
The kernel boot parameter "ima_appraise" currently defines 'off',
'enforce' and 'fix' modes. When designing a policy and labeling
the system, access to files are either blocked in the default
'enforce' mode or automatically fixed in the 'fix' mode. It is
beneficial to be able to run the system in a logging only mode,
without fixing it, in order to properly analyze the system. This
patch adds a 'log' mode to run the system in a permissive mode and
log the appraisal results.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
|