aboutsummaryrefslogtreecommitdiff
path: root/Documentation/ABI
diff options
context:
space:
mode:
authorMatthew Garrett2019-06-19 15:46:11 -0700
committerMimi Zohar2019-06-19 18:51:01 -0400
commit19453ce0bcfbdf7332a104eebf5d835977af7284 (patch)
tree905616cb5f8ed74bdd94dfa9a51012f5bdad82af /Documentation/ABI
parent8c655784e2cf59cb6140759b8b546d98261d1ad9 (diff)
IMA: support for per policy rule template formats
Admins may wish to log different measurements using different IMA templates. Add support for overriding the default template on a per-rule basis. Inspired-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'Documentation/ABI')
-rw-r--r--Documentation/ABI/testing/ima_policy5
1 files changed, 3 insertions, 2 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index 74c6702de74e..b383c1763610 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -24,8 +24,7 @@ Description:
[euid=] [fowner=] [fsname=]]
lsm: [[subj_user=] [subj_role=] [subj_type=]
[obj_user=] [obj_role=] [obj_type=]]
- option: [[appraise_type=]] [permit_directio]
-
+ option: [[appraise_type=]] [template=] [permit_directio]
base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK]
[FIRMWARE_CHECK]
[KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK]
@@ -38,6 +37,8 @@ Description:
fowner:= decimal value
lsm: are LSM specific
option: appraise_type:= [imasig]
+ template:= name of a defined IMA template type
+ (eg, ima-ng). Only valid when action is "measure".
pcr:= decimal value
default policy: