diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-06-07 12:16:34 +0200 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-10-26 21:32:54 -0400 |
| commit | 4286587dccd43d4f81fa227e413ed7e909895342 (patch) | |
| tree | 94781e93d49c79253048e60b21d822c635cda444 /security/integrity | |
| parent | add1c05dceb495a45036d66cdcbb3b2306de26c1 (diff) | |
ima: add Kconfig default measurement list template
This patch adds a Kconfig option to select the default IMA
measurement list template. The 'ima' template limited the
filedata hash to 20 bytes and the pathname to 255 charaters.
The 'ima-ng' measurement list template permits larger hash
digests and longer pathnames.
Changelog:
- keep 'select CRYPTO_HASH_INFO' in 'config IMA' section (Kconfig)
(Roberto Sassu);
- removed trailing whitespaces (Roberto Sassu).
- Lindent fixes
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Diffstat (limited to 'security/integrity')
| -rw-r--r-- | security/integrity/ima/Kconfig | 25 | ||||
| -rw-r--r-- | security/integrity/ima/ima_template.c | 4 |
2 files changed, 27 insertions, 2 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e6628e783df1..de26cc873ae6 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -46,6 +46,31 @@ config IMA_LSM_RULES help Disabling this option will disregard LSM based policy rules. +choice + prompt "Default template" + default IMA_NG_TEMPLATE + depends on IMA + help + Select the default IMA measurement template. + + The original 'ima' measurement list template contains a + hash, defined as 20 bytes, and a null terminated pathname, + limited to 255 characters. The 'ima-ng' measurement list + template permits both larger hash digests and longer + pathnames. + + config IMA_TEMPLATE + bool "ima" + config IMA_NG_TEMPLATE + bool "ima-ng (default)" +endchoice + +config IMA_DEFAULT_TEMPLATE + string + depends on IMA + default "ima" if IMA_TEMPLATE + default "ima-ng" if IMA_NG_TEMPLATE + config IMA_APPRAISE bool "Appraise integrity measurements" depends on IMA diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 1c4cf194592c..c28ff9bf8f32 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -127,8 +127,8 @@ static int init_defined_templates(void) struct ima_template_desc *ima_template_desc_current(void) { if (!ima_template) - ima_template = lookup_template_desc(IMA_TEMPLATE_IMA_NAME); - + ima_template = + lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE); return ima_template; } |