mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 03:24:45 +01:00
7eef7c8bac
With a custom policy similar to the builtin IMA 'tcb' policy [1], arch specific policy, and a kexec boot command line measurement policy rule, the kexec boot command line is not measured due to the dont_measure tmpfs rule. Limit the builtin 'tcb' dont_measure tmpfs policy rule to just the "func=FILE_CHECK" hook. Depending on the end users security threat model, a custom policy might not even include this dont_measure tmpfs rule. Note: as a result of this policy rule change, other measurements might also be included in the IMA-measurement list that previously weren't included. [1] https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-tcb Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
||
|---|---|---|
| .. | ||
| evm | ||
| ima | ||
| platform_certs | ||
| digsig.c | ||
| digsig_asymmetric.c | ||
| iint.c | ||
| integrity.h | ||
| integrity_audit.c | ||
| Kconfig | ||
| Makefile | ||