From: "Enrico Weigelt, metux IT consult" <info@metux.net>
To: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH] secuirty: integrity: ima: pedantic formatting
Date: Mon, 11 Mar 2019 14:44:40 +0100 [thread overview]
Message-ID: <1552311880-20569-1-git-send-email-info@metux.net> (raw)
Formatting of Kconfig files doesn't look so pretty, so let the
Great White Handkerchief come around and clean it up.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
security/integrity/ima/Kconfig | 64 +++++++++++++++++++++---------------------
1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index a18f8c6..416b724 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -34,12 +34,12 @@ config IMA_KEXEC
depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
default n
help
- TPM PCRs are only reset on a hard reboot. In order to validate
- a TPM's quote after a soft boot, the IMA measurement list of the
- running kernel must be saved and restored on boot.
+ TPM PCRs are only reset on a hard reboot. In order to validate
+ a TPM's quote after a soft boot, the IMA measurement list of the
+ running kernel must be saved and restored on boot.
- Depending on the IMA policy, the measurement list can grow to
- be very large.
+ Depending on the IMA policy, the measurement list can grow to
+ be very large.
config IMA_MEASURE_PCR_IDX
int
@@ -91,10 +91,10 @@ choice
default IMA_DEFAULT_HASH_SHA1
depends on IMA
help
- Select the default hash algorithm used for the measurement
- list, integrity appraisal and audit log. The compiled default
- hash algorithm can be overwritten using the kernel command
- line 'ima_hash=' option.
+ Select the default hash algorithm used for the measurement
+ list, integrity appraisal and audit log. The compiled default
+ hash algorithm can be overwritten using the kernel command
+ line 'ima_hash=' option.
config IMA_DEFAULT_HASH_SHA1
bool "SHA1 (default)"
@@ -138,9 +138,9 @@ config IMA_READ_POLICY
default y if IMA_WRITE_POLICY
default n if !IMA_WRITE_POLICY
help
- It is often useful to be able to read back the IMA policy. It is
- even more important after introducing CONFIG_IMA_WRITE_POLICY.
- This option allows the root user to see the current policy rules.
+ It is often useful to be able to read back the IMA policy. It is
+ even more important after introducing CONFIG_IMA_WRITE_POLICY.
+ This option allows the root user to see the current policy rules.
config IMA_APPRAISE
bool "Appraise integrity measurements"
@@ -158,12 +158,12 @@ config IMA_APPRAISE
If unsure, say N.
config IMA_ARCH_POLICY
- bool "Enable loading an IMA architecture specific policy"
- depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
- default n
- help
- This option enables loading an IMA architecture specific policy
- based on run time secure boot flags.
+ bool "Enable loading an IMA architecture specific policy"
+ depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
+ default n
+ help
+ This option enables loading an IMA architecture specific policy
+ based on run time secure boot flags.
config IMA_APPRAISE_BUILD_POLICY
bool "IMA build time configured policy rules"
@@ -238,10 +238,10 @@ config IMA_TRUSTED_KEYRING
select INTEGRITY_TRUSTED_KEYRING
default y
help
- This option requires that all keys added to the .ima
- keyring be signed by a key on the system trusted keyring.
+ This option requires that all keys added to the .ima
+ keyring be signed by a key on the system trusted keyring.
- This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
+ This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
@@ -266,32 +266,32 @@ config IMA_BLACKLIST_KEYRING
depends on IMA_TRUSTED_KEYRING
default n
help
- This option creates an IMA blacklist keyring, which contains all
- revoked IMA keys. It is consulted before any other keyring. If
- the search is successful the requested operation is rejected and
- an error is returned to the caller.
+ This option creates an IMA blacklist keyring, which contains all
+ revoked IMA keys. It is consulted before any other keyring. If
+ the search is successful the requested operation is rejected and
+ an error is returned to the caller.
config IMA_LOAD_X509
bool "Load X509 certificate onto the '.ima' trusted keyring"
depends on IMA_TRUSTED_KEYRING
default n
help
- File signature verification is based on the public keys
- loaded on the .ima trusted keyring. These public keys are
- X509 certificates signed by a trusted key on the
- .system keyring. This option enables X509 certificate
- loading from the kernel onto the '.ima' trusted keyring.
+ File signature verification is based on the public keys
+ loaded on the .ima trusted keyring. These public keys are
+ X509 certificates signed by a trusted key on the
+ .system keyring. This option enables X509 certificate
+ loading from the kernel onto the '.ima' trusted keyring.
config IMA_X509_PATH
string "IMA X509 certificate path"
depends on IMA_LOAD_X509
default "/etc/keys/x509_ima.der"
help
- This option defines IMA X509 certificate path.
+ This option defines IMA X509 certificate path.
config IMA_APPRAISE_SIGNED_INIT
bool "Require signed user-space initialization"
depends on IMA_LOAD_X509
default n
help
- This option requires user-space init to be signed.
+ This option requires user-space init to be signed.
--
1.9.1
reply other threads:[~2019-03-11 13:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552311880-20569-1-git-send-email-info@metux.net \
--to=info@metux.net \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.