kernel-fxtec-pro1x/security/integrity
Dmitry Kasatkin 2faa6ef3b2 ima: provide 'ima_appraise=log' kernel option
The kernel boot parameter "ima_appraise" currently defines 'off',
'enforce' and 'fix' modes.  When designing a policy and labeling
the system, access to files are either blocked in the default
'enforce' mode or automatically fixed in the 'fix' mode.  It is
beneficial to be able to run the system in a logging only mode,
without fixing it, in order to properly analyze the system. This
patch adds a 'log' mode to run the system in a permissive mode and
log the appraisal results.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-09-17 16:14:23 -04:00
..
evm integrity: base integrity subsystem kconfig options on integrity 2014-09-09 10:28:56 -04:00
ima ima: provide 'ima_appraise=log' kernel option 2014-09-17 16:14:23 -04:00
digsig.c ima: define '.ima' as a builtin 'trusted' keyring 2014-07-17 09:35:17 -04:00
digsig_asymmetric.c integrity: prevent flooding with 'Request for unknown key' 2014-09-09 10:28:44 -04:00
iint.c integrity: fix checkpatch errors 2014-03-07 12:15:45 -05:00
integrity.h integrity: remove declaration of non-existing functions 2014-09-09 10:28:46 -04:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
Kconfig integrity: base integrity subsystem kconfig options on integrity 2014-09-09 10:28:56 -04:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00