diff options
author | Eric Richter <erichte@linux.vnet.ibm.com> | 2017-06-15 16:02:52 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-06-21 14:37:12 -0400 |
commit | fc26bd50539b6f52aa75ffbaec7b083825ec5451 (patch) | |
tree | 41a04f7bf16fa9290e13b5790d9a3b1d3f20f24c /Documentation/ABI | |
parent | 915d9d255defeba80e1331a2b8bb8a79c0ca4db7 (diff) |
IMA: update IMA policy documentation to include pcr= option
Commit 0260643ce "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=". Missing was the documentation
for this option. This patch updates ima_policy to include this option,
as well as an example.
Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'Documentation/ABI')
-rw-r--r-- | Documentation/ABI/testing/ima_policy | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index bb0f9a135e21..e76432b9954d 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -34,9 +34,10 @@ Description: fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6) uid:= decimal value euid:= decimal value - fowner:=decimal value + fowner:= decimal value lsm: are LSM specific option: appraise_type:= [imasig] + pcr:= decimal value default policy: # PROC_SUPER_MAGIC @@ -96,3 +97,8 @@ Description: Smack: measure subj_user=_ func=FILE_CHECK mask=MAY_READ + + Example of measure rules using alternate PCRs: + + measure func=KEXEC_KERNEL_CHECK pcr=4 + measure func=KEXEC_INITRAMFS_CHECK pcr=5 |