IMA: update IMA policy documentation to include pcr= option

Commit 00e9f9b92 "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=".  Missing was the documentation
for this option.  This patch updates ima_policy to include this option,
as well as an example.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index bb0f9a135e21be07c5ef009d449fdb8656fb05d2..e76432b9954d5e81283a71ea31069bc5d2b69896 100644 (file)
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -34,9 +34,10 @@ Description:
                        fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
                        uid:= decimal value
                        euid:= decimal value
-                       fowner:=decimal value
+                       fowner:= decimal value
                lsm:    are LSM specific
                option: appraise_type:= [imasig]
+                       pcr:= decimal value
 
                default policy:
                        # PROC_SUPER_MAGIC
@@ -96,3 +97,8 @@ Description:
 
                Smack:
                        measure subj_user=_ func=FILE_CHECK mask=MAY_READ
+
+               Example of measure rules using alternate PCRs:
+
+                       measure func=KEXEC_KERNEL_CHECK pcr=4
+                       measure func=KEXEC_INITRAMFS_CHECK pcr=5