Searched hist:e9085e0ad38a333012629d815c203155d61ebe7e (Results 1 – 7 of 7) sorted by relevance
/linux/security/integrity/ima/ |
H A D | ima_asymmetric_keys.c | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|
H A D | ima_api.c | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|
H A D | ima_appraise.c | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|
H A D | ima.h | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|
H A D | ima_policy.c | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|
H A D | ima_main.c | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|
/linux/Documentation/ABI/testing/ |
H A D | ima_policy | diff e9085e0ad38a333012629d815c203155d61ebe7e Wed Dec 11 17:47:06 CET 2019 Lakshmi Ramasubramanian <nramas@linux.microsoft.com> IMA: Add support to limit measuring keys
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy.
This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured.
If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy.
Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
|