linux/security
Dmitry Kasatkin 2faa6ef3b2 ima: provide 'ima_appraise=log' kernel option
The kernel boot parameter "ima_appraise" currently defines 'off',
'enforce' and 'fix' modes.  When designing a policy and labeling
the system, access to files are either blocked in the default
'enforce' mode or automatically fixed in the 'fix' mode.  It is
beneficial to be able to run the system in a logging only mode,
without fixing it, in order to properly analyze the system. This
patch adds a 'log' mode to run the system in a permissive mode and
log the appraisal results.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-09-17 16:14:23 -04:00
..
apparmor sched: move no_new_privs into new atomic flags 2014-07-18 12:13:38 -07:00
integrity ima: provide 'ima_appraise=log' kernel option 2014-09-17 16:14:23 -04:00
keys KEYS: revert encrypted key change 2014-07-28 12:36:17 +01:00
selinux Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2014-08-02 22:58:02 +10:00
smack Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2014-08-02 22:58:02 +10:00
tomoyo get rid of pointless checks for NULL ->i_op 2014-04-01 23:19:16 -04:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
capability.c security: introduce kernel_fw_from_file hook 2014-07-25 11:47:45 -07:00
commoncap.c CAPABILITIES: remove undefined caps from all processes 2014-07-24 21:53:47 +10:00
device_cgroup.c device_cgroup: use css_has_online_children() instead of has_children() 2014-05-16 13:22:52 -04:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
lsm_audit.c audit: anchor all pid references in the initial pid namespace 2014-03-20 10:11:55 -04:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c ima: add support for measuring and appraising firmware 2014-07-25 11:47:46 -07:00