diff options
| author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2012-09-03 23:23:13 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-02-06 10:40:29 -0500 |
| commit | 85865c1fa189fcba49089e6254a0226f2269bebc (patch) | |
| tree | e3bcc153e1218302a3bccd30f55295361396a781 /security/integrity/ima/ima_crypto.c | |
| parent | 74de66842473bdafa798010e58f1999ec70a8983 (diff) | |
ima: add policy support for file system uuid
The IMA policy permits specifying rules to enable or disable
measurement/appraisal/audit based on the file system magic number.
If, for example, the policy contains an ext4 measurement rule,
the rule is enabled for all ext4 partitions.
Sometimes it might be necessary to enable measurement/appraisal/audit
only for one partition and disable it for another partition of the
same type. With the existing IMA policy syntax, this can not be done.
This patch provides support for IMA policy rules to specify the file
system by its UUID (eg. fsuuid=397449cd-687d-4145-8698-7fed4a3e0363).
For partitions not being appraised, it might be a good idea to mount
file systems with the 'noexec' option to prevent executing non-verified
binaries.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_crypto.c')
0 files changed, 0 insertions, 0 deletions