From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-ima-devel@lists.sourceforge.net
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
Dave Young <dyoung@redhat.com>
Subject: [PATCH 1/4] ima: extend the "ima_policy" boot command line to support multiple policies
Date: Tue, 2 May 2017 14:47:09 -0400 [thread overview]
Message-ID: <1493750832-11981-2-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1493750832-11981-1-git-send-email-zohar@linux.vnet.ibm.com>
Add support for providing multiple builtin policies on the "ima_policy="
boot command line. Use "|" as the delimitor separating the policy names.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
Documentation/admin-guide/kernel-parameters.txt | 17 +++++++++++------
security/integrity/ima/ima_policy.c | 15 ++++++++++-----
2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 2ba45caabada..06b95e28e5e2 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1477,12 +1477,17 @@
in crypto/hash_info.h.
ima_policy= [IMA]
- The builtin measurement policy to load during IMA
- setup. Specyfing "tcb" as the value, measures all
- programs exec'd, files mmap'd for exec, and all files
- opened with the read mode bit set by either the
- effective uid (euid=0) or uid=0.
- Format: "tcb"
+ The builtin policies to load during IMA setup.
+ Format: "tcb | appraise_tcb"
+
+ The "tcb" policy measures all programs exec'd, files
+ mmap'd for exec, and all files opened with the read
+ mode bit set by either the effective uid (euid=0) or
+ uid=0.
+
+ The "appraise_tcb" policy appraises the integrity of
+ all files owned by root. (This is the equivalent
+ of ima_appraise_tcb.)
ima_tcb [IMA] Deprecated. Use ima_policy= instead.
Load a policy which meets the needs of the Trusted
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 3ab1067db624..0ddc41389a9c 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -170,19 +170,24 @@ static int __init default_measure_policy_setup(char *str)
}
__setup("ima_tcb", default_measure_policy_setup);
+static bool ima_use_appraise_tcb __initdata;
static int __init policy_setup(char *str)
{
- if (ima_policy)
- return 1;
+ char *p;
- if (strcmp(str, "tcb") == 0)
- ima_policy = DEFAULT_TCB;
+ while ((p = strsep(&str, " |\n")) != NULL) {
+ if (*p == ' ')
+ continue;
+ if ((strcmp(p, "tcb") == 0) && !ima_policy)
+ ima_policy = DEFAULT_TCB;
+ else if (strcmp(p, "appraise_tcb") == 0)
+ ima_use_appraise_tcb = 1;
+ }
return 1;
}
__setup("ima_policy=", policy_setup);
-static bool ima_use_appraise_tcb __initdata;
static int __init default_appraise_policy_setup(char *str)
{
ima_use_appraise_tcb = 1;
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 1/4] ima: extend the "ima_policy" boot command line to support multiple policies
Date: Tue, 2 May 2017 14:47:09 -0400 [thread overview]
Message-ID: <1493750832-11981-2-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1493750832-11981-1-git-send-email-zohar@linux.vnet.ibm.com>
Add support for providing multiple builtin policies on the "ima_policy="
boot command line. Use "|" as the delimitor separating the policy names.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
Documentation/admin-guide/kernel-parameters.txt | 17 +++++++++++------
security/integrity/ima/ima_policy.c | 15 ++++++++++-----
2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 2ba45caabada..06b95e28e5e2 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1477,12 +1477,17 @@
in crypto/hash_info.h.
ima_policy= [IMA]
- The builtin measurement policy to load during IMA
- setup. Specyfing "tcb" as the value, measures all
- programs exec'd, files mmap'd for exec, and all files
- opened with the read mode bit set by either the
- effective uid (euid=0) or uid=0.
- Format: "tcb"
+ The builtin policies to load during IMA setup.
+ Format: "tcb | appraise_tcb"
+
+ The "tcb" policy measures all programs exec'd, files
+ mmap'd for exec, and all files opened with the read
+ mode bit set by either the effective uid (euid=0) or
+ uid=0.
+
+ The "appraise_tcb" policy appraises the integrity of
+ all files owned by root. (This is the equivalent
+ of ima_appraise_tcb.)
ima_tcb [IMA] Deprecated. Use ima_policy= instead.
Load a policy which meets the needs of the Trusted
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 3ab1067db624..0ddc41389a9c 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -170,19 +170,24 @@ static int __init default_measure_policy_setup(char *str)
}
__setup("ima_tcb", default_measure_policy_setup);
+static bool ima_use_appraise_tcb __initdata;
static int __init policy_setup(char *str)
{
- if (ima_policy)
- return 1;
+ char *p;
- if (strcmp(str, "tcb") == 0)
- ima_policy = DEFAULT_TCB;
+ while ((p = strsep(&str, " |\n")) != NULL) {
+ if (*p == ' ')
+ continue;
+ if ((strcmp(p, "tcb") == 0) && !ima_policy)
+ ima_policy = DEFAULT_TCB;
+ else if (strcmp(p, "appraise_tcb") == 0)
+ ima_use_appraise_tcb = 1;
+ }
return 1;
}
__setup("ima_policy=", policy_setup);
-static bool ima_use_appraise_tcb __initdata;
static int __init default_appraise_policy_setup(char *str)
{
ima_use_appraise_tcb = 1;
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-05-02 18:49 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-02 18:47 [PATCH 0/4] ima: builtin policy requiring file signatures Mimi Zohar
2017-05-02 18:47 ` Mimi Zohar
2017-05-02 18:47 ` Mimi Zohar [this message]
2017-05-02 18:47 ` [PATCH 1/4] ima: extend the "ima_policy" boot command line to support multiple policies Mimi Zohar
2017-05-02 18:47 ` [PATCH 2/4] ima: define a set of appraisal rules requiring file signatures Mimi Zohar
2017-05-02 18:47 ` Mimi Zohar
2017-05-02 18:47 ` [PATCH 3/4] ima: define Kconfig IMA_APPRAISE_BOOTPARAM option Mimi Zohar
2017-05-02 18:47 ` Mimi Zohar
2017-05-02 18:47 ` [PATCH 4/4] ima: define is_ima_appraise_enabled() Mimi Zohar
2017-05-02 18:47 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1493750832-11981-2-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=dhowells@redhat.com \
--cc=dyoung@redhat.com \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.