korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-23 20:24:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
7c9bc0983f
linux/security/integrity/ima
History
Bruno E. O. Meneguele 7c9bc0983f ima: check signature enforcement against cmdline param instead of CONFIG 
When the user requests MODULE_CHECK policy and its kernel is compiled
with CONFIG_MODULE_SIG_FORCE not set, all modules would not load, just
those loaded in initram time. One option the user would have would be
set a kernel cmdline param (module.sig_enforce) to true, but the IMA
module check code doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.

This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).

Signed-off-by: Bruno E. O. Meneguele <brdeoliv@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2017-11-08 15:16:36 -05:00
..
ima_api.c ima: always measure and audit files in policy 2017-11-08 15:16:36 -05:00
ima_appraise.c ima: Log the same audit cause whenever a file has no signature 2017-06-21 14:37:12 -04:00
ima_crypto.c ima: always measure and audit files in policy 2017-11-08 15:16:36 -05:00
ima_fs.c ima: don't remove the securityfs policy file 2017-11-08 15:16:36 -05:00
ima_init.c ima: on soft reboot, restore the measurement list 2016-12-20 09:48:43 -08:00
ima_kexec.c ima: define a canonical binary_runtime_measurements list format 2016-12-20 09:48:45 -08:00
ima_main.c ima: check signature enforcement against cmdline param instead of CONFIG 2017-11-08 15:16:36 -05:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
ima_queue.c ima: fix get_binary_runtime_size() 2017-06-21 14:37:12 -04:00
ima_template_lib.c ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c ima: use ima_parse_buf() to parse template data 2017-06-21 14:37:12 -04:00
ima.h ima: Simplify policy_func_show. 2017-06-21 14:37:12 -04:00
Kconfig IMA: Correct Kconfig dependencies for hash selection 2017-06-21 14:37:12 -04:00
Makefile ima: on soft reboot, restore the measurement list 2016-12-20 09:48:43 -08:00