Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e1f5e01f authored by Mimi Zohar's avatar Mimi Zohar
Browse files

ima: define Kconfig IMA_APPRAISE_BOOTPARAM option 



Permit enabling the different "ima_appraise=" modes (eg. log, fix)
from the boot command line.

Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 503ceaef

security/integrity/ima/Kconfig

+8 −0
Original line number Diff line number Diff line
@@ -155,6 +155,14 @@ config IMA_APPRAISE 
	  <http://linux-ima.sourceforge.net>

	  If unsure, say N.



config IMA_APPRAISE_BOOTPARAM

	bool "ima_appraise boot parameter"

	depends on IMA_APPRAISE

	default y

	help

	  This option enables the different "ima_appraise=" modes

	  (eg. fix, log) from the boot command line.



config IMA_TRUSTED_KEYRING

	bool "Require all keys on the .ima keyring be signed (deprecated)"

	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING

security/integrity/ima/ima_appraise.c

+2 −0
Original line number Diff line number Diff line
@@ -20,12 +20,14 @@ 


static int __init default_appraise_setup(char *str)

{

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM

	if (strncmp(str, "off", 3) == 0)

		ima_appraise = 0;

	else if (strncmp(str, "log", 3) == 0)

		ima_appraise = IMA_APPRAISE_LOG;

	else if (strncmp(str, "fix", 3) == 0)

		ima_appraise = IMA_APPRAISE_FIX;

#endif

	return 1;

}