author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-10-15 22:10:08 -0400
committer: Rusty Russell <rusty@rustcorp.com.au> 2012-12-13 21:35:26 -0500
commit: fdf90729e57812cb12d7938e2dee7c71e875fb08 (patch)
tree: 0ec17c765406dedc37ac278823d50587d53d1525 /Documentation/ABI/testing/ima_policy
parent: 1625cee56f8e6193b5a0809a414dfa395bd9cf1e (diff)
ima: support new kernel module syscall
With the addition of the new kernel module syscall, which defines two arguments - a file descriptor to the kernel module and a pointer to a NULL terminated string of module arguments - it is now possible to measure and appraise kernel modules like any other file on the file system. This patch adds support to measure and appraise kernel modules in an extensible and consistent manner.

To support filesystems without extended attribute support, additional patches could pass the signature as the first parameter.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'Documentation/ABI/testing/ima_policy')
-rw-r--r-- Documentation/ABI/testing/ima_policy 3
1 files changed, 2 insertions, 1 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index 986946613542..ec0a38ef3145 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -23,7 +23,7 @@ Description:
23 lsm: [[subj_user=] [subj_role=] [subj_type=] 23 lsm: [[subj_user=] [subj_role=] [subj_type=]
24 [obj_user=] [obj_role=] [obj_type=]] 24 [obj_user=] [obj_role=] [obj_type=]]
25 25
26 base: func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK] 26 base: func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK][MODULE_CHECK]
27 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC] 27 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
28 fsmagic:= hex value 28 fsmagic:= hex value
29 uid:= decimal value 29 uid:= decimal value
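Review bot: The func:= line in the base section now lists [MODULE_CHECK], but nothing in this hunk says what the hook covers. From the keyword alone, a reader of the ABI file cannot tell that it applies to a module handed to the kernel as a file descriptor through the new module syscall described in the commit message. Suggest adding a short description beside the keyword list, and stating whether modules loaded through any other interface are seen by this hook, since a policy author relying on MODULE_CHECK for measurement or appraisal needs to know which load paths it does not cover.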
@@ -53,6 +53,7 @@ Description:
53 measure func=BPRM_CHECK 53 measure func=BPRM_CHECK
54 measure func=FILE_MMAP mask=MAY_EXEC 54 measure func=FILE_MMAP mask=MAY_EXEC
55 measure func=FILE_CHECK mask=MAY_READ uid=0 55 measure func=FILE_CHECK mask=MAY_READ uid=0
56 measure func=MODULE_CHECK uid=0
56 appraise fowner=0 57 appraise fowner=0
57 58
58 The default policy measures all executables in bprm_check, 59 The default policy measures all executables in bprm_check,
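Review bot: The paragraph that follows the new rule "measure func=MODULE_CHECK uid=0" ("The default policy measures all executables in bprm_check, ...") is left as unchanged context, and the diffstat (2 insertions, 1 deletion) confirms no descriptive prose was touched, so the text no longer matches the listed default policy. Suggest extending that paragraph to say kernel modules are measured as well. The commit message also mentions appraisal, yet the only appraise rule shown is still "appraise fowner=0"; it would help to either add an appraise example that uses func=MODULE_CHECK or state whether module appraisal is expected to come from the existing fowner=0 rule.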