| author | Mimi Zohar <[email protected]> | 2024-12-27 02:27:42 +0000 |
|---|---|---|
| committer | Mimi Zohar <[email protected]> | 2025-01-03 15:18:24 +0000 |
| commit | 7eef7c8bac9a31f12ae19369582bc25971bc8fe1 (patch) | |
| tree | 563cdc3b6fbf4d2dfce1bf839864d46bf47f16be /tools/net/ynl/pyynl/cli.py | |
| parent | ima: kexec: silence RCU list traversal warning (diff) | |
ima: limit the builtin 'tcb' dont_measure tmpfs policy rule

With a custom policy similar to the builtin IMA 'tcb' policy [1], arch
specific policy, and a kexec boot command line measurement policy rule,
the kexec boot command line is not measured due to the dont_measure
tmpfs rule.

Limit the builtin 'tcb' dont_measure tmpfs policy rule to just the
"func=FILE_CHECK" hook. Depending on the end user's security threat
model, a custom policy might not even include this dont_measure tmpfs
rule.

Note: as a result of this policy rule change, other measurements might
also be included in the IMA-measurement list that previously weren't
included.

[1] https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-tcb

Reviewed-by: Petr Vorel <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
Diffstat (limited to 'tools/net/ynl/pyynl/cli.py')
0 files changed, 0 insertions, 0 deletions
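
The rule shadowing described in the commit message, as an added example (not code from this commit or from the kernel): a simplified model of ordered, first-match IMA policy evaluation, run over the unrestricted and the restricted tmpfs rule. The policies, the events, the helper names and the premise that the kexec event is evaluated against a tmpfs-backed file are assumptions of this example.

```python
# Simplified model of ordered, first-match IMA policy evaluation. This is an
# assumption of the example; the kernel matcher handles many more fields.
TMPFS_MAGIC = 0x01021994  # tmpfs superblock magic (linux/magic.h)
EXT4_MAGIC = 0xEF53       # ext4 superblock magic (linux/magic.h)

def parse_rule(line):
    """Split 'action key=value ...' into (action, {key: value})."""
    action, *conds = line.split()
    return action, dict(c.split("=", 1) for c in conds)

def matches(conds, event):
    """A rule matches when every condition it states holds for the event."""
    for key, want in conds.items():
        if key == "fsmagic":
            if event.get("fsmagic") != int(want, 16):
                return False
        elif event.get(key) != want:
            return False
    return True

def decide(policy, event):
    """True if the event is measured; the first matching rule decides."""
    for line in policy:
        action, conds = parse_rule(line)
        if matches(conds, event):
            return action == "measure"
    return False  # no rule matched: nothing is measured

# Constructed policies: only the tmpfs rule differs between them.
COMMON = ["measure func=KEXEC_CMDLINE", "measure func=BPRM_CHECK",
          "measure func=FILE_CHECK"]
BEFORE = ["dont_measure fsmagic=0x01021994"] + COMMON
AFTER = ["dont_measure fsmagic=0x01021994 func=FILE_CHECK"] + COMMON

# Constructed events. Assumption: the kexec event carries a tmpfs fsmagic.
EVENTS = {
    "kexec-cmdline": {"func": "KEXEC_CMDLINE", "fsmagic": TMPFS_MAGIC},
    "tmpfs-read": {"func": "FILE_CHECK", "fsmagic": TMPFS_MAGIC},
    "tmpfs-exec": {"func": "BPRM_CHECK", "fsmagic": TMPFS_MAGIC},
    "ext4-read": {"func": "FILE_CHECK", "fsmagic": EXT4_MAGIC},
}

def measured(policy):
    """Names of the constructed events that the policy measures."""
    return [name for name, ev in EVENTS.items() if decide(policy, ev)]

if __name__ == "__main__":
    print("before:", measured(BEFORE))
    print("after: ", measured(AFTER))
```

In this model the restricted rule lets the kexec command line through and also starts measuring the tmpfs exec event, which is the side effect the commit message's note refers to.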
