Commit
00e9f9b92 "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=". Missing was the documentation
for this option. This patch updates ima_policy to include this option,
as well as an example.
Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
uid:= decimal value
euid:= decimal value
- fowner:=decimal value
+ fowner:= decimal value
lsm: are LSM specific
option: appraise_type:= [imasig]
+ pcr:= decimal value
default policy:
# PROC_SUPER_MAGIC
Smack:
measure subj_user=_ func=FILE_CHECK mask=MAY_READ
+
+ Example of measure rules using alternate PCRs:
+
+ measure func=KEXEC_KERNEL_CHECK pcr=4
+ measure func=KEXEC_INITRAMFS_CHECK pcr=5