git.baikalelectronics.ru Git - kernel.git/commitdiff
IMA: update IMA policy documentation to include pcr= option
author: Eric Richter <erichte@linux.vnet.ibm.com>
Thu, 15 Jun 2017 21:02:52 +0000 (16:02 -0500)
committer: Mimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 21 Jun 2017 18:37:12 +0000 (14:37 -0400)
Commit 00e9f9b92 "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=".  Missing was the documentation
for this option.  This patch updates ima_policy to include this option,
as well as an example.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Documentation/ABI/testing/ima_policy

index bb0f9a135e21be07c5ef009d449fdb8656fb05d2..e76432b9954d5e81283a71ea31069bc5d2b69896 100644 (file)
@@ -34,9 +34,10 @@ Description:
                        fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
                        uid:= decimal value
                        euid:= decimal value
-                       fowner:=decimal value
+                       fowner:= decimal value
                lsm:    are LSM specific
                option: appraise_type:= [imasig]
+                       pcr:= decimal value
 
                default policy:
                        # PROC_SUPER_MAGIC
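Review bot: The new "pcr:= decimal value" entry under "option:" does not say which PCR indexes are accepted, which PCR a rule extends when the option is omitted, or which rule actions it applies to. It sits next to appraise_type, while the example added later in this patch uses it only on measure rules, so a reader cannot tell whether pcr= has any meaning on an appraise rule. Suggest extending the line, for example "pcr:= decimal value (TPM PCR index to extend for measure rules; the configured IMA PCR is used when absent)". The whitespace fix to "fowner:=" is reasonable but is not mentioned in the commit message; a short note there would keep the log accurate.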
@@ -96,3 +97,8 @@ Description:
 
                Smack:
                        measure subj_user=_ func=FILE_CHECK mask=MAY_READ
+
+               Example of measure rules using alternate PCRs:
+
+                       measure func=KEXEC_KERNEL_CHECK pcr=4
+                       measure func=KEXEC_INITRAMFS_CHECK pcr=5
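Review bot: The example block at the end of the file shows two rules with pcr=4 and pcr=5 but gives no sentence on what they do differently from the rules above, which carry no pcr= option. Suggest a one-line explanation that measurements matching these rules are extended into the named PCR instead of the default IMA PCR, so anyone validating the measurement list against TPM quotes knows to replay those entries into PCR 4 and PCR 5. It would also help to say why 4 and 5 were picked for the kexec kernel and initramfs, since those registers are normally already extended during boot and readers will otherwise copy the numbers without knowing whether the choice matters.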