Commit 2faa6ef3 authored 10 years ago by Dmitry Kasatkin Committed by Mimi Zohar 10 years ago

ima: provide 'ima_appraise=log' kernel option


The kernel boot parameter "ima_appraise" currently defines 'off',
'enforce' and 'fix' modes.  When designing a policy and labeling
the system, access to files are either blocked in the default
'enforce' mode or automatically fixed in the 'fix' mode.  It is
beneficial to be able to run the system in a logging only mode,
without fixing it, in order to properly analyze the system. This
patch adds a 'log' mode to run the system in a permissive mode and
log the appraisal results.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent 31b70f66

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 6 additions and 3 deletions

Please register or to comment