ima: added policy support for 'security.ima' type
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>
Fri, 8 Jun 2012 10:58:49 +0000 (13:58 +0300)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 22 Jan 2013 21:10:31 +0000 (16:10 -0500)
commit0e5a247cb37a97d843ef76d09d5f80deb7893ba3
tree7206abaf6d20e69a89584046ed7dc9970ba2da12
parenta175b8bb29ebbad380ab4788f307fbfc47997b19
ima: added policy support for 'security.ima' type

The 'security.ima' extended attribute may contain either the file data's
hash or a digital signature.  This patch adds support for requiring a
specific extended attribute type.  It extends the IMA policy with a new
keyword 'appraise_type=imasig'.  (Default is hash.)

Changelog v2:
- Fixed Documentation/ABI/testing/ima_policy option syntax
Changelog v1:
- Differentiate between 'required' vs. 'actual' extended attribute

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Documentation/ABI/testing/ima_policy
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_policy.c
security/integrity/integrity.h