diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-04-24 22:06:49 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-06-21 14:37:12 -0400 |
commit | e1f5e01f4b035ced1c71b40866e4e5c0508fbb0b (patch) | |
tree | d17fa7316999c9dd88e05d061c2d34b168f54661 | |
parent | 503ceaef8e2e7dbbdb04a867acc6fe4c548ede7f (diff) | |
download | linux-e1f5e01f4b035ced1c71b40866e4e5c0508fbb0b.tar.gz linux-e1f5e01f4b035ced1c71b40866e4e5c0508fbb0b.tar.bz2 linux-e1f5e01f4b035ced1c71b40866e4e5c0508fbb0b.zip |
ima: define Kconfig IMA_APPRAISE_BOOTPARAM option
Permit enabling the different "ima_appraise=" modes (eg. log, fix)
from the boot command line.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r-- | security/integrity/ima/Kconfig | 8 | ||||
-rw-r--r-- | security/integrity/ima/ima_appraise.c | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 370eb2f4dd37..8b688a26033d 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -155,6 +155,14 @@ config IMA_APPRAISE <http://linux-ima.sourceforge.net> If unsure, say N. +config IMA_APPRAISE_BOOTPARAM + bool "ima_appraise boot parameter" + depends on IMA_APPRAISE + default y + help + This option enables the different "ima_appraise=" modes + (eg. fix, log) from the boot command line. + config IMA_TRUSTED_KEYRING bool "Require all keys on the .ima keyring be signed (deprecated)" depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 5d0785cfe063..ac546df73afc 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -20,12 +20,14 @@ static int __init default_appraise_setup(char *str) { +#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM if (strncmp(str, "off", 3) == 0) ima_appraise = 0; else if (strncmp(str, "log", 3) == 0) ima_appraise = IMA_APPRAISE_LOG; else if (strncmp(str, "fix", 3) == 0) ima_appraise = IMA_APPRAISE_FIX; +#endif return 1; } |