OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ima: define Kconfig IMA_APPRAISE_BOOTPARAM option 

Permit enabling the different "ima_appraise=" modes (eg. log, fix)
from the boot command line.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Mimi Zohar 2017-04-24 22:06:49 -04:00
parent 503ceaef8e
commit e1f5e01f4b
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/integrity/ima/Kconfig
View File

@ -155,6 +155,14 @@ config IMA_APPRAISE
<http://linux-ima.sourceforge.net> <http://linux-ima.sourceforge.net>
If unsure, say N. If unsure, say N.
config IMA_APPRAISE_BOOTPARAM
bool "ima_appraise boot parameter"
depends on IMA_APPRAISE
default y
help
This option enables the different "ima_appraise=" modes
(eg. fix, log) from the boot command line.
config IMA_TRUSTED_KEYRING config IMA_TRUSTED_KEYRING
bool "Require all keys on the .ima keyring be signed (deprecated)" bool "Require all keys on the .ima keyring be signed (deprecated)"
depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING

2
security/integrity/ima/ima_appraise.c
View File

@ -20,12 +20,14 @@
static int __init default_appraise_setup(char *str) static int __init default_appraise_setup(char *str)
{ {
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
if (strncmp(str, "off", 3) == 0) if (strncmp(str, "off", 3) == 0)
ima_appraise = 0; ima_appraise = 0;
else if (strncmp(str, "log", 3) == 0) else if (strncmp(str, "log", 3) == 0)
ima_appraise = IMA_APPRAISE_LOG; ima_appraise = IMA_APPRAISE_LOG;
else if (strncmp(str, "fix", 3) == 0) else if (strncmp(str, "fix", 3) == 0)
ima_appraise = IMA_APPRAISE_FIX; ima_appraise = IMA_APPRAISE_FIX;
#endif
return 1; return 1;
} }