mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-30 08:02:30 +00:00
9044d627fd
Introduce the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig With this rule, IMA will accept either a signature stored in the extended attribute or an appended signature. For now, the rule above will behave exactly the same as if appraise_type=imasig was specified. The actual modsig implementation will be introduced separately. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
||
---|---|---|
.. | ||
ima.h | ||
ima_api.c | ||
ima_appraise.c | ||
ima_crypto.c | ||
ima_fs.c | ||
ima_init.c | ||
ima_kexec.c | ||
ima_main.c | ||
ima_modsig.c | ||
ima_mok.c | ||
ima_policy.c | ||
ima_queue.c | ||
ima_template.c | ||
ima_template_lib.c | ||
ima_template_lib.h | ||
Kconfig | ||
Makefile |