Commit fc26bd50 authored Jun 15, 2017 by Eric Richter Committed by Mimi Zohar Jun 21, 2017

IMA: update IMA policy documentation to include pcr= option



Commit 0260643c "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=".  Missing was the documentation
for this option.  This patch updates ima_policy to include this option,
as well as an example.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent 915d9d25

Documentation/ABI/testing/ima_policy

+7 −1

Original line number	Diff line number	Diff line
		@@ -37,6 +37,7 @@ Description:
		fowner:= decimal value
		lsm: are LSM specific
		option: appraise_type:= [imasig]
		pcr:= decimal value

		default policy:
		# PROC_SUPER_MAGIC
		@@ -96,3 +97,8 @@ Description:

		Smack:
		measure subj_user=_ func=FILE_CHECK mask=MAY_READ

		Example of measure rules using alternate PCRs:

		measure func=KEXEC_KERNEL_CHECK pcr=4
		measure func=KEXEC_INITRAMFS_CHECK pcr=5