integrity: IMA policy

Support for a user loadable policy through securityfs with support for LSM specific policy data. - free invalid rule in ima_parse_add_rule() Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2009-02-04 09:07:00 -0500
committer: James Morris <jmorris@namei.org> 2009-02-06 09:05:31 +1100
commit: 4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
tree: faec95258d2456eb35515f289eb688914ce3b54f /security/integrity/ima/Kconfig
parent: bab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 2a761c8ac996..3d2b6ee778a0 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -47,3 +47,9 @@ config IMA_AUDIT
 	  auditing messages can be enabled with 'ima_audit=1' on
 	  the kernel command line.
 
+config IMA_LSM_RULES
+	bool
+	depends on IMA && (SECURITY_SELINUX || SECURITY_SMACK)
+	default y
+	help
+	  Disabling this option will disregard LSM based policy rules
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2009-02-04 09:07:00 -0500
committer	James Morris <jmorris@namei.org>	2009-02-06 09:05:31 +1100
commit	4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
tree	faec95258d2456eb35515f289eb688914ce3b54f /security/integrity/ima/Kconfig
parent	bab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)