Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d726d8d7 authored by Mimi Zohar's avatar Mimi Zohar
Browse files

integrity: move integrity_audit_msg() 



This patch moves the integrity_audit_msg() function and defintion to
security/integrity/, the parent directory, renames the 'ima_audit'
boot command line option to 'integrity_audit', and fixes the Kconfig
help text to reflect the actual code.

Changelog:
- Fixed ifdef inclusion of integrity_audit_msg() (Fengguang Wu)

Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 37ec43cd

Documentation/kernel-parameters.txt

+5 −5
Original line number Diff line number Diff line
@@ -1129,11 +1129,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. 
			The builtin appraise policy appraises all files

			owned by uid=0.



	ima_audit=	[IMA]

			Format: { "0" | "1" }

			0 -- integrity auditing messages. (Default)

			1 -- enable informational integrity auditing messages.



	ima_hash=	[IMA]

			Format: { "sha1" | "md5" }

			default: "sha1"
@@ -1158,6 +1153,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. 
	inport.irq=	[HW] Inport (ATI XL and Microsoft) busmouse driver

			Format: <irq>



	integrity_audit=[IMA]

			Format: { "0" | "1" }

			0 -- basic integrity auditing messages. (Default)

			1 -- additional integrity auditing messages.



	intel_iommu=	[DMAR] Intel IOMMU driver (DMAR) option

		on

			Enable intel iommu driver.

security/integrity/Kconfig

+15 −0
Original line number Diff line number Diff line
@@ -17,6 +17,21 @@ config INTEGRITY_SIGNATURE 
	  This is useful for evm and module keyrings, when keys are

	  usually only added from initramfs.



config INTEGRITY_AUDIT

	bool "Enables integrity auditing support "

	depends on INTEGRITY && AUDIT

	default y

	help

	  In addition to enabling integrity auditing support, this

	  option adds a kernel parameter 'integrity_audit', which

	  controls the level of integrity auditing messages.

	  0 - basic integrity auditing messages (default)

	  1 - additional integrity auditing messages



	  Additional informational integrity auditing messages would

	  be enabled by specifying 'integrity_audit=1' on the kernel

	  command line.



config INTEGRITY_ASYMMETRIC_KEYS

	boolean "Enable asymmetric keys support"

	depends on INTEGRITY_SIGNATURE

security/integrity/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 
#



obj-$(CONFIG_INTEGRITY) += integrity.o

obj-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o

obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o

obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o

security/integrity/ima/Kconfig

+0 −12
Original line number Diff line number Diff line
@@ -38,18 +38,6 @@ config IMA_MEASURE_PCR_IDX 
	  that IMA uses to maintain the integrity aggregate of the

	  measurement list.  If unsure, use the default 10.



config IMA_AUDIT

	bool "Enables auditing support"

	depends on IMA

	depends on AUDIT

	default y

	help

	  This option adds a kernel parameter 'ima_audit', which

	  allows informational auditing messages to be enabled

	  at boot.  If this option is selected, informational integrity

	  auditing messages can be enabled with 'ima_audit=1' on

	  the kernel command line.



config IMA_LSM_RULES

	bool

	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)

security/integrity/ima/Makefile

+0 −1
Original line number Diff line number Diff line
@@ -7,5 +7,4 @@ obj-$(CONFIG_IMA) += ima.o 


ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \

	 ima_policy.o

ima-$(CONFIG_IMA_AUDIT) += ima_audit.o

ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o