Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ima: add Kconfig default measurement list template

This patch adds a Kconfig option to select the default IMA
measurement list template. The 'ima' template limited the
filedata hash to 20 bytes and the pathname to 255 characters.
The 'ima-ng' measurement list template permits larger hash
digests and longer pathnames.

Changelog:
- keep 'select CRYPTO_HASH_INFO' in 'config IMA' section (Kconfig)
(Roberto Sassu);
- removed trailing whitespaces (Roberto Sassu).
- Lindent fixes

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>

+27 -2
+25
security/integrity/ima/Kconfig
··· 46 46 help 47 47 Disabling this option will disregard LSM based policy rules. 48 48 49 + choice 50 + prompt "Default template" 51 + default IMA_NG_TEMPLATE 52 + depends on IMA 53 + help 54 + Select the default IMA measurement template. 55 + 56 + The original 'ima' measurement list template contains a 57 + hash, defined as 20 bytes, and a null terminated pathname, 58 + limited to 255 characters. The 'ima-ng' measurement list 59 + template permits both larger hash digests and longer 60 + pathnames. 61 + 62 + config IMA_TEMPLATE 63 + bool "ima" 64 + config IMA_NG_TEMPLATE 65 + bool "ima-ng (default)" 66 + endchoice 67 + 68 + config IMA_DEFAULT_TEMPLATE 69 + string 70 + depends on IMA 71 + default "ima" if IMA_TEMPLATE 72 + default "ima-ng" if IMA_NG_TEMPLATE 73 + 49 74 config IMA_APPRAISE 50 75 bool "Appraise integrity measurements" 51 76 depends on IMA
+2 -2
security/integrity/ima/ima_template.c
··· 127 127 struct ima_template_desc *ima_template_desc_current(void) 128 128 { 129 129 if (!ima_template) 130 - ima_template = lookup_template_desc(IMA_TEMPLATE_IMA_NAME); 131 - 130 + ima_template = 131 + lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE); 132 132 return ima_template; 133 133 } 134 134
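
Review bot: In security/integrity/ima/Kconfig, the new choice sets "default IMA_NG_TEMPLATE", so a configuration that takes the default now gets 'ima-ng' where ima_template_desc_current() used to fall back to the 'ima' name, and neither the help text nor the commit message says the default format changes. The help text describes the size limits of each template but not that anything parsing the measurement list has to expect the selected format. Suggest adding one sentence to the help stating that the choice determines the format of the measurement list entries and that 'ima' should be selected when existing consumers only understand the original format.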
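
Review bot: In security/integrity/ima/ima_template.c, ima_template_desc_current() now depends on the Kconfig strings "ima" and "ima-ng" matching the template names known to lookup_template_desc(), where the removed line used the IMA_TEMPLATE_IMA_NAME macro, and the result of lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE) is returned without a check. If the names ever drift apart, ima_template stays NULL and the function hands NULL to its callers. Suggest a comment next to the call noting that the Kconfig defaults must match the defined template names, or a check on the lookup result before returning. Minor style point: the blank line before "return ima_template;" was dropped and could be kept.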