aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/ABI
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2009-02-04 09:07:00 -0500
committerJames Morris <jmorris@namei.org>2009-02-05 17:05:31 -0500
commit4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
treefaec95258d2456eb35515f289eb688914ce3b54f /Documentation/ABI
parentbab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)
integrity: IMA policy
Support for a user loadable policy through securityfs with support for LSM specific policy data. - free invalid rule in ima_parse_add_rule() Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation/ABI')
-rw-r--r--Documentation/ABI/testing/ima_policy61
1 files changed, 61 insertions, 0 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
new file mode 100644
index 000000000000..6434f0df012e
--- /dev/null
+++ b/Documentation/ABI/testing/ima_policy
@@ -0,0 +1,61 @@
1What: security/ima/policy
2Date: May 2008
3Contact: Mimi Zohar <zohar@us.ibm.com>
4Description:
5 The Trusted Computing Group(TCG) runtime Integrity
6 Measurement Architecture(IMA) maintains a list of hash
7 values of executables and other sensitive system files
8 loaded into the run-time of this system. At runtime,
9 the policy can be constrained based on LSM specific data.
10 Policies are loaded into the securityfs file ima/policy
11 by opening the file, writing the rules one at a time and
12 then closing the file. The new policy takes effect after
13 the file ima/policy is closed.
14
15 rule format: action [condition ...]
16
17 action: measure | dont_measure
18 condition:= base | lsm
19 base: [[func=] [mask=] [fsmagic=] [uid=]]
20 lsm: [[subj_user=] [subj_role=] [subj_type=]
21 [obj_user=] [obj_role=] [obj_type=]]
22
23 base: func:= [BPRM_CHECK][FILE_MMAP][INODE_PERMISSION]
24 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
25 fsmagic:= hex value
26 uid:= decimal value
27 lsm: are LSM specific
28
29 default policy:
30 # PROC_SUPER_MAGIC
31 dont_measure fsmagic=0x9fa0
32 # SYSFS_MAGIC
33 dont_measure fsmagic=0x62656572
34 # DEBUGFS_MAGIC
35 dont_measure fsmagic=0x64626720
36 # TMPFS_MAGIC
37 dont_measure fsmagic=0x01021994
38 # SECURITYFS_MAGIC
39 dont_measure fsmagic=0x73636673
40
41 measure func=BPRM_CHECK
42 measure func=FILE_MMAP mask=MAY_EXEC
43 measure func=INODE_PERM mask=MAY_READ uid=0
44
45 The default policy measures all executables in bprm_check,
46 all files mmapped executable in file_mmap, and all files
47 open for read by root in inode_permission.
48
49 Examples of LSM specific definitions:
50
51 SELinux:
52 # SELINUX_MAGIC
53 dont_measure fsmagic=0xF97CFF8C
54
55 dont_measure obj_type=var_log_t
56 dont_measure obj_type=auditd_log_t
57 measure subj_user=system_u func=INODE_PERM mask=MAY_READ
58 measure subj_role=system_r func=INODE_PERM mask=MAY_READ
59
60 Smack:
61 measure subj_user=_ func=INODE_PERM mask=MAY_READ