ima: added support for new kernel cmdline parameter ima_template_fmt
This patch allows users to provide a custom template format through the
new kernel command line parameter 'ima_template_fmt'. If the supplied
format is not valid, IMA uses the default template descriptor.
Changelog:
- v3:
- added check for 'fields' and 'num_fields' in
template_desc_init_fields() (suggested by Mimi Zohar)
- v2:
- using template_desc_init_fields() to validate a format string
(Roberto Sassu)
- updated documentation by stating that only the chosen template
descriptor is initialized (Roberto Sassu)
- v1:
- simplified code of ima_template_fmt_setup()
(Roberto Sassu, suggested by Mimi Zohar)
Signed-off-by: 
Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: 
Mimi Zohar <zohar@linux.vnet.ibm.com>
Showing
- Documentation/kernel-parameters.txt 4 additions, 0 deletionsDocumentation/kernel-parameters.txt
- Documentation/security/IMA-templates.txt 14 additions, 15 deletionsDocumentation/security/IMA-templates.txt
- security/integrity/ima/ima_template.c 34 additions, 5 deletionssecurity/integrity/ima/ima_template.c
Please register or sign in to comment