kernel-fxtec-pro1x/security
Dmitry Kasatkin 2faa6ef3b2 ima: provide 'ima_appraise=log' kernel option
The kernel boot parameter "ima_appraise" currently defines 'off',
'enforce' and 'fix' modes.  When designing a policy and labeling
the system, access to files are either blocked in the default
'enforce' mode or automatically fixed in the 'fix' mode.  It is
beneficial to be able to run the system in a logging only mode,
without fixing it, in order to properly analyze the system. This
patch adds a 'log' mode to run the system in a permissive mode and
log the appraisal results.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-09-17 16:14:23 -04:00
..
apparmor sched: move no_new_privs into new atomic flags 2014-07-18 12:13:38 -07:00
integrity ima: provide 'ima_appraise=log' kernel option 2014-09-17 16:14:23 -04:00
keys KEYS: revert encrypted key change 2014-07-28 12:36:17 +01:00
selinux Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2014-08-02 22:58:02 +10:00
smack Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2014-08-02 22:58:02 +10:00
tomoyo get rid of pointless checks for NULL ->i_op 2014-04-01 23:19:16 -04:00
yama
capability.c security: introduce kernel_fw_from_file hook 2014-07-25 11:47:45 -07:00
commoncap.c CAPABILITIES: remove undefined caps from all processes 2014-07-24 21:53:47 +10:00
device_cgroup.c device_cgroup: use css_has_online_children() instead of has_children() 2014-05-16 13:22:52 -04:00
inode.c
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c audit: anchor all pid references in the initial pid namespace 2014-03-20 10:11:55 -04:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
min_addr.c
security.c ima: add support for measuring and appraising firmware 2014-07-25 11:47:46 -07:00