aboutsummaryrefslogtreecommitdiff
path: root/Documentation/ABI/testing/ima_policy
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/ABI/testing/ima_policy')
-rw-r--r--Documentation/ABI/testing/ima_policy9
1 files changed, 8 insertions, 1 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index 0a378a88217a..e76432b9954d 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -27,15 +27,17 @@ Description:
base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
[FIRMWARE_CHECK]
+ [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK]
mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND]
[[^]MAY_EXEC]
fsmagic:= hex value
fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
uid:= decimal value
euid:= decimal value
- fowner:=decimal value
+ fowner:= decimal value
lsm: are LSM specific
option: appraise_type:= [imasig]
+ pcr:= decimal value
default policy:
# PROC_SUPER_MAGIC
@@ -95,3 +97,8 @@ Description:
Smack:
measure subj_user=_ func=FILE_CHECK mask=MAY_READ
+
+ Example of measure rules using alternate PCRs:
+
+ measure func=KEXEC_KERNEL_CHECK pcr=4
+ measure func=KEXEC_INITRAMFS_CHECK pcr=5
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 00:03:27 +0000