summaryrefslogtreecommitdiffstats
path: root/Documentation/security/IMA-templates.rst
diff options
context:
space:
mode:
authorThiago Jung Bauermann <bauerman@linux.ibm.com>2019-06-27 23:19:32 -0300
committerMimi Zohar <zohar@linux.ibm.com>2019-08-05 18:40:25 -0400
commit3878d505aa718bcc7b1eb4089ab9b9fb27dee957 (patch)
tree94bf31dc35114d22a2c87906106074cdcb4bd021 /Documentation/security/IMA-templates.rst
parent15588227e086ec662d59df144e48af82e3e592f1 (diff)
downloadlinux-stable-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.tar.gz
linux-stable-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.tar.bz2
linux-stable-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.zip
ima: Define ima-modsig template
Define new "d-modsig" template field which holds the digest that is expected to match the one contained in the modsig, and also new "modsig" template field which holds the appended file signature. Add a new "ima-modsig" defined template descriptor with the new fields as well as the ones from the "ima-sig" descriptor. Change ima_store_measurement() to accept a struct modsig * argument so that it can be passed along to the templates via struct ima_event_data. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'Documentation/security/IMA-templates.rst')
-rw-r--r--Documentation/security/IMA-templates.rst3
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/security/IMA-templates.rst b/Documentation/security/IMA-templates.rst
index 3d1cca287aa4..c5a8432972ef 100644
--- a/Documentation/security/IMA-templates.rst
+++ b/Documentation/security/IMA-templates.rst
@@ -68,8 +68,10 @@ descriptors by adding their identifier to the format string
- 'd-ng': the digest of the event, calculated with an arbitrary hash
algorithm (field format: [<hash algo>:]digest, where the digest
prefix is shown only if the hash algorithm is not SHA1 or MD5);
+ - 'd-modsig': the digest of the event without the appended modsig;
- 'n-ng': the name of the event, without size limitations;
- 'sig': the file signature;
+ - 'modsig' the appended file signature;
- 'buf': the buffer data that was used to generate the hash without size limitations;
@@ -79,6 +81,7 @@ Below, there is the list of defined template descriptors:
- "ima-ng" (default): its format is ``d-ng|n-ng``;
- "ima-sig": its format is ``d-ng|n-ng|sig``;
- "ima-buf": its format is ``d-ng|n-ng|buf``;
+ - "ima-modsig": its format is ``d-ng|n-ng|sig|d-modsig|modsig``;
Use